plistutil: Prevent OOB heap buffer read by checking input size
As pointed out in #87 plistutil would do a memcmp with a heap buffer
without checking the size. If the size is less than 8 it would read
beyond the bounds of this heap buffer. This commit prevents that.
nikias committed Jan 18, 2017
1 parent 7a28a14 commit 7391a50
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions tools/plistutil.c
Expand Up @@ -129,6 +129,12 @@ int main(int argc, char *argv[])
}

stat(options->in_file, &filestats);

if (filestats.st_size < 8) {
printf("ERROR: Input file is too small to contain valid plist data.\n");
return -1;
}

plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1));
read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist);
fclose(iplist);
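
Review bot: the new `filestats.st_size < 8` check relies on the `stat(options->in_file, &filestats)` call just above it, whose return value is never tested, so when stat fails the comparison runs on a struct that may not hold valid data. Test the stat result before using `st_size`, and consider also rejecting the input when `read_size` from the `fread` below is less than 8, since that is the number of bytes actually placed in `plist_entire` and it can be smaller than `st_size` if the file changes or the read comes up short. The early `return -1` also leaves without the `fclose(iplist)` that the normal path performs two lines later, and the error message goes to stdout via `printf` rather than stderr.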