Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
By using a specifically crafted XML file an attacker could use plistutil
to issue a GET request to an arbitrary URL or disclose a local file.
The crafted XML file would be using a custom DTD with an external entity
reference pointing to the file. Practical abuse is limited but let's still
fix it nevertheless. Related to CVE-2013-0339 for libxml2 and CWE-827.
Reported by Loïc Bénis from calypt.com. Thanks!
|
|
|
|
for WIN32.
|
|
If AC_PROG_CXX is used after AC_PROG_CC, it will return "g++" even if no
C++ compiler is installed. However, as we need one, testing compiling a
program will make configure fail if indeed no C++ compiler is installed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The parsing logic for binary dictionaries wrongly enforced the key type even
on nodes that were already parsed as value nodes. This caused the resulting
plist_t node tree to have key nodes instead of value nodes within dictionaries
for some valid binary plists. This commit should also generally fixes parsing
of binary plist files which use an efficient dictionary reference table.
|
|
|
|
|
|
|
|
non-gcc/clang compilers happy
|
|
|
|
binary plist
|
|
strings
|
|
|
|
references and a const GetValue().
|
|
|
|
|
|
mismatch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
output
|
|
|
|
|
|
|
|
ownership/responsibility.
|
|
|