libplist/src, branch time64 Library to handle Apple Property List format files in binary or XML xplist: Prevent UaF when parsing structured nodes fails 2016-10-31T01:52:01+00:00 Filippo Bigarella 2016-10-31T01:52:01+00:00 17b8e01bdfbdb38a2aec5cce0554b72bd37ee6ce In case parsing inside `node_from_xml` called from line 842 fails, `data` gets freed by the call to `plist_free` at line 899, since `subnode` is actually created by making it point to `data` at line 684. This commit prevents this situation by bailing out whenever parsing in a deeper level of structured nodes fails. 
In case parsing inside `node_from_xml` called from line 842 fails, `data`
gets freed by the call to `plist_free` at line 899, since `subnode` is
actually created by making it point to `data` at line 684. This commit
prevents this situation by bailing out whenever parsing in a deeper level
of structured nodes fails.
xplist: Prevent heap buffer overflow when parsing empty tags 2016-10-31T01:51:12+00:00 Filippo Bigarella 2016-10-31T01:51:12+00:00 0be2a22a6504635bb89d4fe4402a9dbe851898d4 If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing. 
If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside
the buffer pointed to by `tag`. This commit fixes it by checking the bounds
of the heap buffer before writing.
xplist: Prevent NULL pointer dereference when parsing <real> nodes 2016-10-31T01:44:02+00:00 Filippo Bigarella 2016-10-31T01:44:02+00:00 6b9ab336fe3408a4f073a487f5265a1a2ed101f7 






base64: Prevent buffer overflow by not decoding blocks with less than 4 chars
2016-10-31T01:43:15+00:00

Filippo Bigarella

2016-10-31T01:43:15+00:00

62bac060ed5ee6d64a71edf6cc627cc184ae87e5












Add pthread detection to configure.ac to get cflags and libs right
2016-10-24T17:27:13+00:00

Nikias Bassen

2016-10-24T17:27:13+00:00

eec2e855b4f192cb1808d1f02b6bc8935a979025












Remove libxml2 dependency in favor of custom XML parsing
2016-10-22T02:39:47+00:00

Nikias Bassen

2016-10-22T02:39:47+00:00

392135c7db4d9cb4a14ff5935d7c4c6e21363847












Use time64 implementation by Michael G Schwern to extend allowed date/time range
2016-09-19T01:10:04+00:00

Nikias Bassen

2016-09-19T01:10:04+00:00

8d34de3078469aba636846a15bad08198f66fdc8

The main benefit of this is to allow date/time values outside of the 32bit time_t
range which is very important on 32bit platforms. But there are also some other
issues that will be fixed with this, for example on macOS, mktime() will not work
for dates < 1902 despite time_t being 64bit.

In the same run this commit will also use a reentrant version of gmtime64_r that
should help in multithreaded scenarios.

Original code taken from: https://github.com/evalEmpire/y2038





The main benefit of this is to allow date/time values outside of the 32bit time_t
range which is very important on 32bit platforms. But there are also some other
issues that will be fixed with this, for example on macOS, mktime() will not work
for dates < 1902 despite time_t being 64bit.

In the same run this commit will also use a reentrant version of gmtime64_r that
should help in multithreaded scenarios.

Original code taken from: https://github.com/evalEmpire/y2038







Change internal storage of PLIST_DATE values from struct timeval to double
2016-09-18T23:49:05+00:00

Nikias Bassen

2016-09-18T23:49:05+00:00

912cb45928f03355ca162a2f1286ca49eb58155c

This removes the timeval union member from the plist_data_t structure.
Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily
grew the union size to 16 bytes while a size of 8 bytes is sufficient.
Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the
range of possible time values. In addition the binary property list format
also stores PLIST_DATE nodes as double.





This removes the timeval union member from the plist_data_t structure.
Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily
grew the union size to 16 bytes while a size of 8 bytes is sufficient.
Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the
range of possible time values. In addition the binary property list format
also stores PLIST_DATE nodes as double.







Make sure plist_cleanup() symbol is actually public
2016-09-08T21:51:46+00:00

Martin Szulecki

2016-09-08T21:51:46+00:00

a348ba9aa866e7e97fd7bf819af38c8c9107ebb5












xplist: Plug memory leak when converting PLIST_UID nodes to XML
2016-06-29T11:17:00+00:00

Nikias Bassen

2016-06-29T11:17:00+00:00

16f45a04f8790f36e5af939bfd728ee410470e05

In node_to_xml nodes of type PLIST_UID are temporarily converted
to a PLIST_DICT for an appropriate XML output. Therefore a PLIST_KEY
and a PLIST_UINT node is created and inserted into the PLIST_DICT
node. Upon completion, the child nodes of the PLIST_DICT node are
detached from the original node and freed, however the data of the
child nodes - the key string and the uint value - are not.
This commit fixes it.





In node_to_xml nodes of type PLIST_UID are temporarily converted
to a PLIST_DICT for an appropriate XML output. Therefore a PLIST_KEY
and a PLIST_UINT node is created and inserted into the PLIST_DICT
node. Upon completion, the child nodes of the PLIST_DICT node are
detached from the original node and freed, however the data of the
child nodes - the key string and the uint value - are not.
This commit fixes it.