Skip to content
Permalink
Browse files

plistutil: Prevent OOB heap buffer read by checking input size

As pointed out in #87 plistutil would do a memcmp with a heap buffer
without checking the size. If the size is less than 8 it would read
beyond the bounds of this heap buffer. This commit prevents that.
  • Loading branch information...
nikias committed Jan 18, 2017
1 parent 7a28a14 commit 7391a506352c009fe044dead7baad9e22dd279ee
Showing with 6 additions and 0 deletions.
  1. +6 −0 tools/plistutil.c
@@ -129,6 +129,12 @@ int main(int argc, char *argv[])
}

stat(options->in_file, &filestats);

if (filestats.st_size < 8) {
printf("ERROR: Input file is too small to contain valid plist data.\n");
return -1;
}

plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1));
read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist);
fclose(iplist);

0 comments on commit 7391a50

Please sign in to comment.
You can’t perform that action at this time.