summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-01-28bplist: Improve writing of array and dictionary nodesGravatar Nikias Bassen1-54/+17
2017-01-28bplist: Improve writing of data, string, and unicode nodesGravatar Nikias Bassen1-18/+7
2017-01-28bplist: Improve writing of UID nodesGravatar Nikias Bassen1-12/+6
2017-01-28bplist: Improve writing of integer nodesGravatar Nikias Bassen1-21/+12
2017-01-28bplist: Improve real/date node de/serializationGravatar Nikias Bassen1-65/+56
2017-01-25bplist: Fix UID node parsing to match Apple's parserGravatar Nikias Bassen1-14/+7
Apple only allows 32 bit unsigned values for UID nodes. Also the encoding of the length is different from the encoding used for other node types. The nibble used to mark the size is 1 less than the actual size of the integer value data, so 0 means 1 byte length 1 means 2 bytes length, etc.
2017-01-25bplist: Improve integer node parsing, remove unnecessary memcpy()Gravatar Nikias Bassen1-4/+2
2017-01-19bplist: Check for invalid ref_size in bplist trailerGravatar Nikias Bassen1-0/+3
2017-01-19bplist: Mass-rename 'dict_size' and 'param_dict_size' to more appropriate ↵Gravatar Nikias Bassen1-30/+30
'ref_size'
2017-01-19bplist: Use proper struct for binary plist trailerGravatar Nikias Bassen1-47/+31
2017-01-19bplist: Check for invalid offset_size in bplist trailerGravatar Wang Junjie1-0/+3
2017-01-18bplist: Improve UINT_TO_HOST macro, remove uint24_from_be functionGravatar Nikias Bassen1-17/+11
The uint24_from_be function used memcpy and a call to byte_convert. Instead the macro now shifts the data appropriately with a new beNtoh macro that eventually uses be64toh. This commit also fixes the problem where binary plist data with other non-power-of-2 sizes (like 5,6, or 7) where not handled correctly, and actually supports sizes larger than 8 bytes though only the last 8 bytes are actually converted (nobody will come up with such a large plist anyway).
2017-01-16bplist: Disallow key nodes with non-string node typesGravatar Nikias Bassen1-0/+7
As reported in #86, the binary plist parser would force the type of the key node to be of type PLIST_KEY while the node might be of a different i.e. non-string type. A following plist_free() might then call free() on an invalid pointer; e.g. if the node is of type integer, its value would be considered a pointer, and free() would cause an error. We prevent this issue by disallowing non-string key nodes during parsing.
2017-01-11base64: Rework base64decode to handle split encoded data correctlyGravatar Nikias Bassen1-41/+27
2017-01-03xplist: Refine XML parsing error messagesGravatar Nikias Bassen1-15/+18
2017-01-03time64: Remove some unused (and non-thread-safe) functionsGravatar Nikias Bassen2-28/+0
2017-01-03win32: Try to prevent linking against libgcc_s_dw2Gravatar Nikias Bassen1-2/+2
While this works for libplist.dll, libplist++.dll will still have the _Unwind_Resume symbol being imported from libgcc_s_dw2-1.dll and there doesn't seem to be a way to prevent that.
2017-01-02xplist: Error out when invalid tags inside text nodes are encounteredGravatar Nikias Bassen1-2/+12
2017-01-02xplist: Make sure to error out when encountering empty/incomplete entitiesGravatar Nikias Bassen1-1/+5
2017-01-02xplist: Make sure to not parse for entities in empty stringsGravatar Nikias Bassen1-1/+1
2017-01-02xplist: Allow empty keys in dictionariesGravatar Nikias Bassen1-2/+2
2017-01-02xplist: Allow whitespace after name in closing tagGravatar Nikias Bassen1-2/+7
'</key >' is a perfectly valid closing tag and so is '</key >' (note the newline). This commit will make the parser skip any encountered whitespace before checking for the closing '>'.
2017-01-01xplist: Fix numerical character entity conversionGravatar Nikias Bassen1-2/+6
2016-12-21xplist: Fix UaF in code checking for closing tagGravatar Nikias Bassen1-2/+2
2016-12-21xplist: Make sure to correctly parse for closing tags of structured nodesGravatar Nikias Bassen1-7/+45
2016-12-21xplist: Make sure to stop parsing on entity errorsGravatar Nikias Bassen1-7/+11
2016-12-14xplist: Remove usage of strlen() wherever possibleGravatar Nikias Bassen1-45/+66
2016-12-14xplist: Improve text content parsing, reducing memory usage and unneeded copyingGravatar Nikias Bassen1-113/+318
2016-12-14Properly check for the availability of strptime() and make sure to use itGravatar Nikias Bassen1-1/+5
2016-12-14base64: Prevent use of strlen() in base64decode when input buffer size is knownGravatar Nikias Bassen1-7/+8
2016-11-28xplist: Fix parsing of adjacent nodes without whitespace between themGravatar Nikias Bassen1-2/+1
The context position counter was increased after encountering a closing node, e.g. '</dict>' or after a closing '</key>' node. When a node followed it directly without any whitespace inbetween, e.g. </dict><key>, parsing would fail since the parser would look at 'key>' instead of '<key>' for the next node to be parsed.
2016-11-27plist_copy: Duplicate hash tables when copying PLIST_DICT nodesGravatar Nikias Bassen1-5/+15
2016-11-18bplist: Remove misleading/redundant `else` from BPLIST_DATE case in ↵Gravatar Nikias Bassen1-4/+3
parse_bin_node
2016-11-18Improve plist_dict_set_item performance for large dictionaries with hash tableGravatar Nikias Bassen5-18/+119
2016-11-13xplist: Don't parse XML reserved characters in CDATA blocksGravatar Nikias Bassen1-0/+1
2016-11-13bplist: Fix surrogate parsing range to include U+100000 - U+1FFFFFGravatar Nikias Bassen1-2/+2
2016-11-13xplist: Support converting numerical character entitiesGravatar Nikias Bassen1-3/+51
2016-11-13xplist: Don't escape " and ' characters in node_to_xmlGravatar Nikias Bassen1-10/+0
2016-11-13xplist: Properly parse CDATA blocks in get_text_content()Gravatar Nikias Bassen1-7/+23
2016-11-10Remove libxml2 private requirement from pkg-config control fileGravatar Nikias Bassen1-1/+0
2016-11-10bplist: Make sure to error out if allocation of `used_indexes` buffer in ↵Gravatar Filippo Bigarella1-0/+6
plist_from_bin() fails If the allocation fails, a lot of bad things can happen so we check the result and return accordingly. We also check that the multiplication used to calculate the buffer size doesn't overflow. Otherwise this could lead to an allocation of a very small buffer compared to what we need, ultimately leading to arbitrary writes later on.
2016-11-10bplist: Prevent out-of-bounds read in plist_from_bin() when parsing offset_tableGravatar Filippo Bigarella1-1/+9
offset_table_index is read from the file, so we have full control over it. This means we can point offset_table essentially anywhere we want, which can lead to an out-of-bounds read when it will be used later on.
2016-11-10bplist: Make sure the index in parse_bin_node_at_index() is actually within ↵Gravatar Filippo Bigarella1-4/+13
the offset table
2016-11-10bplist: Fix possible out-of-bounds reads in parse_bin_node() with proper ↵Gravatar Filippo Bigarella1-0/+21
bounds checking
2016-11-10bplist: Fix possible out-of-bounds read in parse_dict_node() with proper ↵Gravatar Filippo Bigarella1-2/+13
bounds checking
2016-10-31xplist: Prevent UaF when parsing structured nodes failstime64Gravatar Filippo Bigarella1-0/+5
In case parsing inside `node_from_xml` called from line 842 fails, `data` gets freed by the call to `plist_free` at line 899, since `subnode` is actually created by making it point to `data` at line 684. This commit prevents this situation by bailing out whenever parsing in a deeper level of structured nodes fails.
2016-10-31xplist: Prevent heap buffer overflow when parsing empty tagsGravatar Filippo Bigarella1-1/+3
If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing.
2016-10-31xplist: Prevent NULL pointer dereference when parsing <real> nodesGravatar Filippo Bigarella1-0/+8
2016-10-31base64: Prevent buffer overflow by not decoding blocks with less than 4 charsGravatar Filippo Bigarella1-1/+1
2016-10-24Add pthread detection to configure.ac to get cflags and libs rightGravatar Nikias Bassen1-1/+1