commit | 8ea84caa3cba801c4f240648a6b7919e9b3e0b0d | [log] [tgz] |
---|---|---|
author | Nikias Bassen <nikias@gmx.li> | Mon Jan 31 03:27:42 2022 +0100 |
committer | Nikias Bassen <nikias@gmx.li> | Mon Jan 31 03:27:42 2022 +0100 |
tree | 3ec89ca7e0ed28ead0c76e8e9abc46fae0c6dbfc | |
parent | 7ddb1bd9e1d8bba58295d2e7e4872bcc6386968c [diff] |
jplist: Fix OOB read in parse_primitive caused by missing 0-termination

In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access.

This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead.

Credit to OSS-Fuzz
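The pattern the commit message describes, as an added example that is not the libplist patch itself: a numeric token is copied out of a length-delimited buffer into a bounded stack buffer and 0-terminated before it reaches the C library parser. The names `copy_token`, `parse_int_token`, `parse_double_token` and `TOKEN_BUF_SIZE` are hypothetical, the 64-byte cap is an assumption, and `strtod` with an end-pointer check stands in for `atof` so trailing junk is rejected.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TOKEN_BUF_SIZE 64 /* assumed cap; longer numeric tokens are rejected */

/* Copy js[start..end) into buf and 0-terminate it. Returns the token length, or -1. */
static int copy_token(const char *js, size_t js_len, size_t start, size_t end,
                      char *buf, size_t buf_size)
{
    if (start >= end || end > js_len || end - start >= buf_size) return -1;
    memcpy(buf, js + start, end - start);
    buf[end - start] = '\0';
    return (int)(end - start);
}

/* Hypothetical helper: parse an integer token from a buffer with no terminator. */
int parse_int_token(const char *js, size_t js_len, size_t start, size_t end, int64_t *out)
{
    char buf[TOKEN_BUF_SIZE], *endp = NULL;
    int len = copy_token(js, js_len, start, end, buf, sizeof(buf));
    if (len < 0) return -1;
    errno = 0;
    long long v = strtoll(buf, &endp, 10); /* can never read past buf[len] */
    if (errno == ERANGE || endp != buf + len) return -1; /* overflow or trailing junk */
    *out = (int64_t)v;
    return 0;
}

/* Hypothetical helper: same pattern for doubles, with strtod instead of atof. */
int parse_double_token(const char *js, size_t js_len, size_t start, size_t end, double *out)
{
    char buf[TOKEN_BUF_SIZE], *endp = NULL;
    int len = copy_token(js, js_len, start, end, buf, sizeof(buf));
    if (len < 0) return -1;
    double v = strtod(buf, &endp);
    if (endp != buf + len) return -1; /* token was not entirely a number */
    *out = v;
    return 0;
}

int main(void)
{
    const char raw[5] = { '[', '4', '2', ',', '7' }; /* constructed, not 0-terminated */
    int64_t v = 0;
    return parse_int_token(raw, sizeof(raw), 4, 5, &v) == 0 && v == 7 ? 0 : 1;
}
```

The last token in `raw` ends exactly at the end of the array, which is the case where calling `strtoll` directly on `raw + 4` would keep reading past the buffer.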
A small portable C library to handle Apple Property List files in binary or XML format.
The project provides an interface to read and write plist files in binary or XML format alongside a command-line utility named plistutil.
Some key features are:
plistutil utility for the command-line

First install all required dependencies and build tools:
sudo apt-get install \
  build-essential \
  checkinstall \
  git \
  autoconf \
  automake \
  libtool-bin
If you want to optionally build the documentation or Python bindings use:
sudo apt-get install \
  doxygen \
  cython
Then clone the actual project repository:
git clone https://github.com/libimobiledevice/libplist.git
cd libplist
Now you can build and install it:
./autogen.sh
make
sudo make install
Then simply run:
plistutil -i foobar.plist -o output.plist
This converts the foobar.plist file to the opposite format, e.g. binary to XML or vice versa, and outputs it to the output.plist file.
Please consult the usage information or manual page for full documentation of the available command-line options:
plistutil --help
man plistutil
We welcome contributions from anyone and are grateful for every pull request!
If you'd like to contribute, please fork the master branch, change, commit and send a pull request for review. Once approved it can be merged into the main code base.
If you plan to contribute larger changes or a major refactoring, please create a ticket first to discuss the idea up front, to ensure less effort for everyone.
Please make sure your contribution adheres to:
We are still working on the guidelines so bear with us!
This project is licensed under the GNU Lesser General Public License v2.1, also included in the repository in the COPYING file.
Apple, iPhone, iPad, iPod, iPod Touch, Apple TV, Apple Watch, Mac, iOS, iPadOS, tvOS, watchOS, and macOS are trademarks of Apple Inc.
This project is an independent software library and has not been authorized, sponsored, or otherwise approved by Apple Inc.
README Updated on: 2020-06-12