diff options
| author |  Nikias Bassen | 2017-01-18 15:44:51 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2017-01-18 15:44:51 +0100 |
| commit | 7391a506352c009fe044dead7baad9e22dd279ee (patch) | |
| tree | f6240301d10d69300a68228c529c3bc6413aa101 /tools/plistutil.c | |
| parent | 7a28a14cf6ed547dfd2e52a4db17f47242bfdef9 (diff) | |
| download | libplist-7391a506352c009fe044dead7baad9e22dd279ee.tar.gz libplist-7391a506352c009fe044dead7baad9e22dd279ee.tar.bz2 | |
plistutil: Prevent OOB heap buffer read by checking input size
As pointed out in #87 plistutil would do a memcmp with a heap buffer
without checking the size. If the size is less than 8 it would read
beyond the bounds of this heap buffer. This commit prevents that.
Diffstat (limited to 'tools/plistutil.c')
| -rw-r--r-- | tools/plistutil.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/plistutil.c b/tools/plistutil.c index 6451604..e943e76 100644 --- a/tools/plistutil.c +++ b/tools/plistutil.c @@ -129,6 +129,12 @@ int main(int argc, char *argv[]) } stat(options->in_file, &filestats); + + if (filestats.st_size < 8) { + printf("ERROR: Input file is too small to contain valid plist data.\n"); + return -1; + } + plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1)); read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist); fclose(iplist); |