libplist - Library to handle Apple Property List format files in binary or XML

Age	Commit message (Collapse)	Author	Files	Lines
2016-11-13	xplist: Properly parse CDATA blocks in get_text_content()	Nikias Bassen	1	-7/+23

2016-10-31	xplist: Prevent UaF when parsing structured nodes failstime64	Filippo Bigarella	1	-0/+5
	In case parsing inside `node_from_xml` called from line 842 fails, `data` gets freed by the call to `plist_free` at line 899, since `subnode` is actually created by making it point to `data` at line 684. This commit prevents this situation by bailing out whenever parsing in a deeper level of structured nodes fails.
2016-10-31	xplist: Prevent heap buffer overflow when parsing empty tags	Filippo Bigarella	1	-1/+3
	If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing.
2016-10-31	xplist: Prevent NULL pointer dereference when parsing <real> nodes	Filippo Bigarella	1	-0/+8

2016-10-22	Remove libxml2 dependency in favor of custom XML parsing	Nikias Bassen	1	-350/+652

2016-09-19	Use time64 implementation by Michael G Schwern to extend allowed date/time range	Nikias Bassen	1	-11/+17
	The main benefit of this is to allow date/time values outside of the 32bit time_t range which is very important on 32bit platforms. But there are also some other issues that will be fixed with this, for example on macOS, mktime() will not work for dates < 1902 despite time_t being 64bit. In the same run this commit will also use a reentrant version of gmtime64_r that should help in multithreaded scenarios. Original code taken from: https://github.com/evalEmpire/y2038
2016-09-19	Change internal storage of PLIST_DATE values from struct timeval to double	Nikias Bassen	1	-4/+3
	This removes the timeval union member from the plist_data_t structure. Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily grew the union size to 16 bytes while a size of 8 bytes is sufficient. Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the range of possible time values. In addition the binary property list format also stores PLIST_DATE nodes as double.
2016-06-29	xplist: Plug memory leak when converting PLIST_UID nodes to XML	Nikias Bassen	1	-0/+1
	In node_to_xml nodes of type PLIST_UID are temporarily converted to a PLIST_DICT for an appropriate XML output. Therefore a PLIST_KEY and a PLIST_UINT node is created and inserted into the PLIST_DICT node. Upon completion, the child nodes of the PLIST_DICT node are detached from the original node and freed, however the data of the child nodes - the key string and the uint value - are not. This commit fixes it.
2016-04-20	Move libxml cleanup code to a plist_cleanup method	Frederik Carlier	1	-17/+0

2015-11-13	xplist: Get rid of setlocale() and use custom function to print floating ↵	Nikias Bassen	1	-14/+32
	point values
2015-01-23	xplist: Plug memory leak by cleaning up libxml2's parser after use	Martin Szulecki	1	-0/+16
	This is actually considered bad practice. However, it appears this memory leak is otherwise not possible to fix due to a design flaw in how libxml2 handles the lifecycle of it's XML parser. We'll let the community test this in production now and decide. In our tests this change had no drawbacks except fixing the last known memory leak in libplist.
2015-01-23	Update and correct some copyright header comments	Martin Szulecki	1	-1/+3

2015-01-23	xplist: Fix limited but possible XXE security vulnerability with XML plists	Martin Szulecki	1	-4/+16
	By using a specifically crafted XML file an attacker could use plistutil to issue a GET request to an arbitrary URL or disclose a local file. The crafted XML file would be using a custom DTD with an external entity reference pointing to the file. Practical abuse is limited but let's still fix it nevertheless. Related to CVE-2013-0339 for libxml2 and CWE-827. Reported by Loïc Bénis from calypt.com. Thanks!
2014-10-03	Avoid exporting non-public symbols	Nikias Bassen	1	-2/+2

2014-08-25	Fixed memory leaks in new_xml_plist() and parse_real_node().	Aaron Burghardt	1	-3/+0

2014-05-27	xplist: Fix keys not being output correctly if converted to XML entities	Martin Szulecki	1	-5/+11

2014-05-23	Handle signed vs. unsigned integer values correctly	Nikias Bassen	1	-3/+28

2014-05-22	xplist: Handle DST-affected timezones correctly	Nikias Bassen	1	-1/+1

2014-05-22	xplist: Fix PLIST_DATE handling to respect the Mac epoch	Nikias Bassen	1	-2/+4

2014-05-21	xplist: Fix PLIST_DATE parsing in xml_to_node()	Nikias Bassen	1	-1/+1

2014-05-18	xplist: Silence compiler warnings about shadowing global declarations	Nikias Bassen	1	-8/+8

2014-04-01	xplist: Fix timezone-bound date/time conversion	Nikias Bassen	1	-1/+4

2013-12-13	xplist: fix another compiler warning with cast	Nikias Bassen	1	-1/+1

2013-12-13	xplist: silence compiler warning	Nikias Bassen	1	-1/+1

2013-12-13	xplist: fix shadowed variable declaration	Nikias Bassen	1	-3/+3

2013-03-07	xml plists: make sure we don't produce <data/> if it's empty	Nikias Bassen	1	-0/+9

2012-11-08	Fix crash when converting plists containing comments	Nikias Bassen	1	-0/+4
	Thanks to free2000fly for pointing this out. The issue was that XML plists with comments converted to binary plists would result in invalid binary nodes, thus converting back these binary plists resulted in a crash.
2012-09-16	xplist: set DST to not available in parse_date()	Nikias Bassen	1	-0/+1

2012-09-16	implemented handling of UID keyed encoding type	Nikias Bassen	1	-0/+55

2012-01-12	fix compiler warnings	Nikias Bassen	1	-1/+1

2011-05-29	Use simple sscanf for parsing dates if strptime is not available	Nikias Bassen	1	-2/+15

2011-05-29	Use malloc+snprintf instead of asprintf	Nikias Bassen	1	-2/+4

2011-05-27	Make libplist glib free	Nikias Bassen	1	-24/+61

2010-08-23	Fixes the xml export.	Dogbert	1	-2/+2
	Apple's activation server refuses XML tickets when this patch isn't applied.
2010-04-06	plist_to_xml: use POSIX locale to make sure '.' is used for floats	Nikias Bassen	1	-0/+14
	In locales like German, a ',' is used as a decimal separator. When the program calling plist_to_xml uses LC_NUMBER with something different than a '.', parsing of the resulting XML document fails. This patch fixes it.
2010-04-06	plist_to_xml: copy terminating 0-byte given from xmlDocDumpMemory	Nikias Bassen	1	-2/+3
	This makes it possible to process the resulting char* directly as a c-string without further copying.
2010-03-03	Copy xml buffer to malloced buffer to prevent free / xmlFree mixing.	Jonathan Beck	1	-2/+9

2010-01-21	Fix some warnings	Jonathan Beck	1	-1/+2

2010-01-14	Make sure to convert predefined xml entities in xml output	Martin Szulecki	1	-1/+6
	For string nodes, a set of special characters must be converted to predefined xml entities. This patch adds an entitiy test case for this and makes libplist pass it fine by explicitly adding text nodes.
2009-10-28	Format sources to ANSI style using AStyle (astyle --style=ansi).	Jonathan Beck	1	-272/+292

2009-07-08	Add a deep copy function and value setters for nodes.	Jonathan Beck	1	-6/+4

2009-04-28	Merge ascii and unicode handling in PLIST_STRING using UTF-8. Remove unicode ↵	Jonathan Beck	1	-24/+3
	related declaration in API (breaks API&ABI)
2009-03-27	Use (void) instead of () in functions prototype.	Jonathan Beck	1	-1/+1

2009-02-15	Add more regression test and fix Integer and Real type handling.	Jonathan Beck	1	-2/+2

2009-02-14	Fix Invalid memory read and match g_free with g_malloc.	Jonathan Beck	1	-3/+3

2009-02-14	Fix some memory leaks.	Jonathan Beck	1	-26/+26

2009-02-14	Only call g_base64_encode if there is data to encode.	Jonathan Beck	1	-3/+5

2009-02-09	Make it compile on MSVC 2005.	Jonathan Beck	1	-21/+42

2009-01-29	Fix indent.	Jonathan Beck	1	-6/+5

2009-01-29	Clean some old stuff.	Jonathan Beck	1	-2/+0