-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Out-Of-Boundary Read when parses base64 data #84
Comments
Hi, thanks for pointing this out. I noticed some other issues in the parser, like split data, so I reworked the parsing: 3a55ddd |
Hi This has been assigned CVE-2017-5209. |
Hi, I created asdf.plist as @geekwish said: emilio@tatooine$ cat asdf.plist Now if I parse it with plist 1.12, I get: emilio@tatooine$ /opt/libplist/bin/plistutil -i asdf.plist With git commit 3a55ddd, with bbd3379 or with 6a44dfb I get instead: emilio@tatooine$ /opt/libplist/bin/plistutil -i asdf.plist (with some unicode garbage after the "@") Is that expected? That doesn't look right to me |
Ping? I'd like to issue a security update downstream with a fix for this issue, but since I'm unable to reproduce it, I can't be sure if the fix is working on the backport. Perhaps I have a bad test case? Can you add the correct one as an attachment? Thanks |
@epozuelo I am not sure what you are doing there, but if I try to convert the file
(without enclosing
so the aforementioned issue is already fixed and the parsing fails. No idea why you actually seem to get binary plist output though. |
And if it parse
one possible patch
The text was updated successfully, but these errors were encountered: