summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2015-01-23xplist: Fix limited but possible XXE security vulnerability with XML plistsGravatar Martin Szulecki1-4/+16
By using a specifically crafted XML file an attacker could use plistutil to issue a GET request to an arbitrary URL or disclose a local file. The crafted XML file would be using a custom DTD with an external entity reference pointing to the file. Practical abuse is limited but let's still fix it nevertheless. Related to CVE-2013-0339 for libxml2 and CWE-827. Reported by Loïc Bénis from calypt.com. Thanks!
2015-01-11Pass flag '-avoid-version' to libtool for libplist++ in addition to libplist ↵Gravatar Aaron Burghardt1-0/+1
for WIN32.
2014-10-09bplist: Fix plist_from_bin() changing value nodes to key nodes in dictionariesGravatar Martin Szulecki1-11/+33
The parsing logic for binary dictionaries wrongly enforced the key type even on nodes that were already parsed as value nodes. This caused the resulting plist_t node tree to have key nodes instead of value nodes within dictionaries for some valid binary plists. This commit should also generally fixes parsing of binary plist files which use an efficient dictionary reference table.
2014-10-03Drop src/common.h and use byte order macros from config.h directlyGravatar Nikias Bassen3-33/+15
2014-10-03Avoid exporting non-public symbolsGravatar Nikias Bassen9-82/+82
2014-09-23bplist: Prevent crash in plist_from_bin() when parsing unusually structured ↵Gravatar Nikias Bassen1-1/+1
binary plist
2014-09-20C++: Make sure String::GetValue() and Key::GetValue() don't crash with NULL ↵Gravatar Nikias Bassen2-4/+14
strings
2014-09-20Added const to Array.GetSize(), and to 3 Node methods.Gravatar Aaron Burghardt2-5/+5
2014-09-20Change Clone() to be const, which required constructors with const ↵Gravatar Aaron Burghardt11-32/+37
references and a const GetValue().
2014-08-25Fixed memory leaks in new_xml_plist() and parse_real_node().Gravatar Aaron Burghardt2-3/+1
2014-08-06bplist: Silence compiler warning about 'always true' comparison due to type ↵Gravatar Nikias Bassen1-2/+6
mismatch
2014-05-27xplist: Fix keys not being output correctly if converted to XML entitiesGravatar Martin Szulecki1-5/+11
2014-05-23Handle signed vs. unsigned integer values correctlyGravatar Nikias Bassen2-5/+53
2014-05-22xplist: Handle DST-affected timezones correctlyGravatar Nikias Bassen1-1/+1
2014-05-22xplist: Fix PLIST_DATE handling to respect the Mac epochGravatar Nikias Bassen1-2/+4
2014-05-21xplist: Fix PLIST_DATE parsing in xml_to_node()Gravatar Nikias Bassen1-1/+1
2014-05-20Removed plist_set_type() as it should not be used.Gravatar Nikias Bassen1-30/+0
2014-05-20Rename "index" variable as it shadows global declaration on older systemsGravatar Martin Szulecki3-7/+7
2014-05-18xplist: Silence compiler warnings about shadowing global declarationsGravatar Nikias Bassen1-8/+8
2014-05-18bplist: Fix memory leaking caused by unused nodes in plist_from_bin()Gravatar Nikias Bassen1-0/+9
2014-04-02Simplify plist_dict_merge() after plist_dict_set_item() API changeGravatar Nikias Bassen1-3/+0
2014-04-01xplist: Fix timezone-bound date/time conversionGravatar Nikias Bassen1-1/+4
2014-03-29Fix endian detection in configure.acGravatar Chow Loong Jin1-0/+4
On debian-mips, neither __LITTLE_ENDIAN__ nor __BIG_ENDIAN__ are defined anywhere, so PLIST_BYTE_ORDER defaults to PLIST_LITTLE_ENDIAN when it should really be PLIST_BIG_ENDIAN on this architecture. This fixes issue #13.
2014-03-28build-sys: Fix parallel buildGravatar Christophe Fergeau1-1/+1
On my machine, parallel builds fail with: make[2]: Entering directory `/home/teuf/hack/libplist/src' CCLD libplist.la make[2]: *** No rule to make target `../src/libplist.la', needed by `libplist++.la'. Stop. If $(top_builddir)/src/libplist.la does not exist yet when trying to link libplist++.la, automake/make will not realize the $(top_builddir)/src/libplist.la dependency is the same as the libplist.la target, and will thus be unable to generate $(top_builddir)/src/libplist.la. Using the libplist.la instead fixes this issue. I've checked that srcdir!=builddir and make distcheck still pass after this change.
2014-03-19deprecated plist_dict_insert_item in favor of plist_dict_set_itemGravatar Nikias Bassen2-8/+8
2014-03-19plist_dict_set_item: insert key/value pair if key not already presentGravatar Nikias Bassen1-10/+11
2014-02-13Replace some LDADD references to use $(top_builddir) for distcheckGravatar Martin Szulecki1-1/+1
2014-02-13fix make distcheckGravatar Nikias Bassen1-3/+3
2014-02-06bplist: prevent segmentation fault in plist_from_bin()Gravatar Nikias Bassen1-0/+3
2013-12-13bplist: make plist_utf8_to_utf16 static since it is only used internallyGravatar Nikias Bassen1-1/+1
2013-12-13xplist: fix another compiler warning with castGravatar Nikias Bassen1-1/+1
2013-12-13bytearray: silence compiler warning about pointer arithmetic with castGravatar Nikias Bassen1-1/+1
2013-12-13base64: silence compiler warning by using correct typeGravatar Nikias Bassen1-1/+2
2013-12-13xplist: silence compiler warningGravatar Nikias Bassen1-1/+1
2013-12-13xplist: fix shadowed variable declarationGravatar Nikias Bassen1-3/+3
2013-12-13change build system to autotoolsGravatar Nikias Bassen2-59/+47
2013-12-13add new plist_dict_merge() functionGravatar Nikias Bassen1-0/+27
2013-11-12base64: get rid of strtok_r and use strspn+strcspn insteadGravatar Nikias Bassen1-13/+14
strtok_r is not available on win32 and the designated strtok_s function is reported to not work on windows xp. Hence we use an easier an non-destructive implementation with strspn and strcspn to strip out the whitespace.
2013-11-12base64: fix compilation with win32Gravatar Nikias Bassen1-0/+4
this is a temporary fix, we'll replace strtok_r with a custom implementation soon.
2013-10-29fixed mavericks compile problem, return iterator of _map.end() instead of ↵Gravatar Jim Koning1-1/+1
iterator of NULL
2013-10-17UTF-16 surrogate pair fixGravatar shane1-4/+37
Handle UTF-16 surrogate pair conversion to/from UTF-8
2013-10-09base64: use strtok_r instead of strtok to make sure we're thread safeGravatar Nikias Bassen1-2/+3
2013-05-30bplist: use __FLOAT_WORD_ORDER__ instead of __VFP_FP__ for floating point ↵Gravatar Nikias Bassen1-1/+4
endianness detection
2013-03-19C++: added support for PLIST_UID nodes (class Uid)Gravatar Nikias Bassen3-0/+81
2013-03-07xml plists: make sure we don't produce <data/> if it's emptyGravatar Nikias Bassen1-0/+9
2012-11-13C++ bindings: added support for PLIST_KEY nodes.Gravatar Nikias Bassen3-1/+84
2012-11-08Fix crash when converting plists containing commentsGravatar Nikias Bassen1-0/+4
Thanks to free2000fly for pointing this out. The issue was that XML plists with comments converted to binary plists would result in invalid binary nodes, thus converting back these binary plists resulted in a crash.
2012-09-16plist_data_compare: for PLIST_DATA, compare length before accessing dataGravatar Nicolás Alvarez1-0/+2
2012-09-16xplist: set DST to not available in parse_date()Gravatar Nikias Bassen1-0/+1
2012-09-16implemented handling of UID keyed encoding typeGravatar Nikias Bassen3-2/+140