libplist - Library to handle Apple Property List format files in binary or XML

Age	Commit message (Collapse)	Author	Files	Lines
2019-01-21	xplist: Fix dtostr() inserting ':' to output string when fractional part ↵	Nikias Bassen	1	-2/+15
	overflows
2018-12-17	xplist: Write base64 directly to output buffer to improve memory usage	Nikias Bassen	1	-5/+2
	Now that we grow the output buffer enough before writing XML output we can just write the base64 encoded data directly to the ouput buffer instead of using a heap buffer that will then be copied to the output buffer. This makes writing XML output more memory efficient (and slightly faster).
2018-12-14	xplist: Improve memory usage by estimating output buffer size	Nikias Bassen	1	-2/+127

2018-12-14	xplist: Fix writing of empty dict and array nodes to XML	Nikias Bassen	1	-8/+6

2018-12-11	xplist: Fix segfault caused by recent changes in libcnary	Nikias Bassen	1	-1/+1

2018-12-10	xplist: Prevent unnecessary reallocations when writing XML output	Nikias Bassen	1	-1/+4

2018-12-10	Remove node_iterator and operate on node list directly to improve memory usage	Nikias Bassen	1	-4/+1

2018-09-04	xplist: Assert when number of child nodes of PLIST_DICT is not even	Nikias Bassen	1	-0/+3
	This should only happen due to misuse of the library, e.g. when calling plist_free() on a node that is a value node in a PLIST_DICT without properly removing the dictionary entry (key/value pair) and then calling plist_to_xml() on that dictionary.
2018-07-25	xplist: Fix typo in error message	Bastien Nocera	1	-1/+1

2017-04-02	xplist: Plug another memory leak	Nikias Bassen	1	-0/+3
	Credit to OSS-Fuzz
2017-03-29	xplist: Prevent memory leak(s) when parsing fails	Nikias Bassen	1	-2/+2
	Credit to OSS-Fuzz
2017-03-29	xplist: Make XML parsing non-recursive to prevent stack overflow on ↵	Nikias Bassen	1	-79/+103
	deep-structured plists Credit to OSS-Fuzz
2017-02-15	xplist: Improve writing of large PLIST_DATA nodes by growing buffer in advance	Nikias Bassen	1	-0/+1
	Instead of letting the buffer grow by just the amount of bytes currently transformed to base64 - which is basically line by line - we now calculate the size of the output blob in advance and grow the buffer accordingly. This will reduce the amount of reallocs to just one, which is especially important for large data blobs. While this is a general improvement for all platforms, it is on platforms like Windows where realloc() can be REALLY slow; converting a 20mb blob to XML can easily take up to a minute (due to the several hundred thousand calls to realloc()). With this commit, it will be fast again.
2017-02-09	xplist: Fix OOB heap buffer read with empty data nodes	Nikias Bassen	1	-2/+4
	Credit to OSS-Fuzz
2017-02-09	xplist: Prevent assert when parsing CF$UID dict with invalid value node	Nikias Bassen	1	-0/+5
	Credit to OSS-Fuzz
2017-02-08	xplist: Use proper variable size for integer from string parsing	Nikias Bassen	1	-2/+2

2017-02-07	xplist: Prevent some more strncmp related OOB reads	Nikias Bassen	1	-4/+4

2017-02-07	xplist: Really fix OOB read when parsing DOCTYPE	Nikias Bassen	1	-1/+1

2017-02-07	xplist: unescape_entities(): Make sure text part buffer is null terminated ↵	Nikias Bassen	1	-0/+1
	after strncpy
2017-02-07	xplist: Fix OOB read when parsing DOCTYPE	Nikias Bassen	1	-1/+1

2017-02-07	xplist: Also fix OOB read in find_char() and find_str() functions	Nikias Bassen	1	-0/+8

2017-02-07	xplist: Prevent OOB read in two more cases	Nikias Bassen	1	-0/+10

2017-02-07	xplist: Fix OOB read when parsing double quotes	Nikias Bassen	1	-0/+4

2017-02-07	xplist: Fix OOB read when parsing node text content	Nikias Bassen	1	-1/+1

2017-02-07	xplist: Catch some more error conditions	Nikias Bassen	1	-34/+37

2017-02-06	xplist: Prevent memory leaks when parsing fails	Nikias Bassen	1	-37/+20

2017-01-03	xplist: Refine XML parsing error messages	Nikias Bassen	1	-15/+18

2017-01-02	xplist: Error out when invalid tags inside text nodes are encountered	Nikias Bassen	1	-2/+12

2017-01-02	xplist: Make sure to error out when encountering empty/incomplete entities	Nikias Bassen	1	-1/+5

2017-01-02	xplist: Make sure to not parse for entities in empty strings	Nikias Bassen	1	-1/+1

2017-01-02	xplist: Allow empty keys in dictionaries	Nikias Bassen	1	-2/+2

2017-01-02	xplist: Allow whitespace after name in closing tag	Nikias Bassen	1	-2/+7
	'</key >' is a perfectly valid closing tag and so is '</key >' (note the newline). This commit will make the parser skip any encountered whitespace before checking for the closing '>'.
2017-01-01	xplist: Fix numerical character entity conversion	Nikias Bassen	1	-2/+6

2016-12-21	xplist: Fix UaF in code checking for closing tag	Nikias Bassen	1	-2/+2

2016-12-21	xplist: Make sure to correctly parse for closing tags of structured nodes	Nikias Bassen	1	-7/+45

2016-12-21	xplist: Make sure to stop parsing on entity errors	Nikias Bassen	1	-7/+11

2016-12-14	xplist: Remove usage of strlen() wherever possible	Nikias Bassen	1	-45/+66

2016-12-14	xplist: Improve text content parsing, reducing memory usage and unneeded copying	Nikias Bassen	1	-113/+318

2016-12-14	Properly check for the availability of strptime() and make sure to use it	Nikias Bassen	1	-1/+5

2016-11-28	xplist: Fix parsing of adjacent nodes without whitespace between them	Nikias Bassen	1	-2/+1
	The context position counter was increased after encountering a closing node, e.g. '</dict>' or after a closing '</key>' node. When a node followed it directly without any whitespace inbetween, e.g. </dict><key>, parsing would fail since the parser would look at 'key>' instead of '<key>' for the next node to be parsed.
2016-11-13	xplist: Don't parse XML reserved characters in CDATA blocks	Nikias Bassen	1	-0/+1

2016-11-13	xplist: Support converting numerical character entities	Nikias Bassen	1	-3/+51

2016-11-13	xplist: Don't escape " and ' characters in node_to_xml	Nikias Bassen	1	-10/+0

2016-11-13	xplist: Properly parse CDATA blocks in get_text_content()	Nikias Bassen	1	-7/+23

2016-10-31	xplist: Prevent UaF when parsing structured nodes failstime64	Filippo Bigarella	1	-0/+5
	In case parsing inside `node_from_xml` called from line 842 fails, `data` gets freed by the call to `plist_free` at line 899, since `subnode` is actually created by making it point to `data` at line 684. This commit prevents this situation by bailing out whenever parsing in a deeper level of structured nodes fails.
2016-10-31	xplist: Prevent heap buffer overflow when parsing empty tags	Filippo Bigarella	1	-1/+3
	If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing.
2016-10-31	xplist: Prevent NULL pointer dereference when parsing <real> nodes	Filippo Bigarella	1	-0/+8

2016-10-22	Remove libxml2 dependency in favor of custom XML parsing	Nikias Bassen	1	-350/+652

2016-09-19	Use time64 implementation by Michael G Schwern to extend allowed date/time range	Nikias Bassen	1	-11/+17
	The main benefit of this is to allow date/time values outside of the 32bit time_t range which is very important on 32bit platforms. But there are also some other issues that will be fixed with this, for example on macOS, mktime() will not work for dates < 1902 despite time_t being 64bit. In the same run this commit will also use a reentrant version of gmtime64_r that should help in multithreaded scenarios. Original code taken from: https://github.com/evalEmpire/y2038
2016-09-19	Change internal storage of PLIST_DATE values from struct timeval to double	Nikias Bassen	1	-4/+3
	This removes the timeval union member from the plist_data_t structure. Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily grew the union size to 16 bytes while a size of 8 bytes is sufficient. Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the range of possible time values. In addition the binary property list format also stores PLIST_DATE nodes as double.