From 7391a506352c009fe044dead7baad9e22dd279ee Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Wed, 18 Jan 2017 15:44:51 +0100
Subject: plistutil: Prevent OOB heap buffer read by checking input size

As pointed out in #87 plistutil would do a memcmp with a heap buffer
without checking the size. If the size is less than 8 it would read
beyond the bounds of this heap buffer. This commit prevents that.
---
 tools/plistutil.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/plistutil.c b/tools/plistutil.c
index 6451604..e943e76 100644
--- a/tools/plistutil.c
+++ b/tools/plistutil.c
@@ -129,6 +129,12 @@ int main(int argc, char *argv[])
     }
 
     stat(options->in_file, &filestats);
+
+    if (filestats.st_size < 8) {
+        printf("ERROR: Input file is too small to contain valid plist data.\n");
+        return -1;
+    }
+
     plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1));
     read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist);
     fclose(iplist);
-- 
cgit v1.1-32-gdbae