Overview

File 0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch of Package libplist.4090

From 7391a506352c009fe044dead7baad9e22dd279ee Mon Sep 17 00:00:00 2001
From: Nikias Bassen <nikias@gmx.li>
Date: Wed, 18 Jan 2017 15:44:51 +0100
Subject: [PATCH] plistutil: Prevent OOB heap buffer read by checking input
 size

As pointed out in #87 plistutil would do a memcmp with a heap buffer
without checking the size. If the size is less than 8 it would read
beyond the bounds of this heap buffer. This commit prevents that.
---
 tools/plistutil.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/plistutil.c b/tools/plistutil.c
index 6451604..e943e76 100644
--- a/tools/plistutil.c
+++ b/tools/plistutil.c
@@ -55,6 +55,12 @@ int main(int argc, char *argv[])
     if (!iplist)
         return 1;
     stat(options->in_file, filestats);
+
+    if (filestats->st_size < 8) {
+        printf("ERROR: Input file is too small to contain valid plist data.\n");
+        return -1;
+    }
+
     plist_entire = (char *) malloc(sizeof(char) * (filestats->st_size + 1));
     read_size = fread(plist_entire, sizeof(char), filestats->st_size, iplist);
     fclose(iplist);
openSUSE Build Service is sponsored by
Places