Bug #6365
Plist parser can segfault
| Status: | Accepted | Start date: | 02/17/2011 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: |  Gary Larizza |
% Done: | 0% |
|
| Category: | library | |||
| Target version: | 1.6.x | |||
| Keywords: | Affected Facter version: | |||
| Branch: | ||||
| Votes: | 0 |
Description
The vendored plist parser can (and will) segfault when fed valid OSX plists because it attempts to interpret the contents of data tags using Marshal. In no case does the Marshal process presently produce valid results; we always/only care about the result produced by the rescue clause in the cases where it doesn’t segfault.
Simplifying the code to never call Marshal:
diff --git a/lib/facter/util/plist/parser.rb b/lib/facter/util/plist/parser.rb
index 48e1034..61d0a3e 100644
--- a/lib/facter/util/plist/parser.rb
+++ b/lib/facter/util/plist/parser.rb
@@ -209,16 +209,7 @@ module Plist
require 'base64'
class PData < PTag
def to_ruby
- data = Base64.decode64(text.gsub(/\s+/, ''))
-
- begin
- return Marshal.load(data)
- rescue Exception => e
- io = StringIO.new
- io.write data
- io.rewind
- return io
- end
+ StringIO.new(Base64.decode64(text.gsub(/\s+/, '')))
end
end
end
…gives us the same results but without the segfaults.
History
Updated by James Turnbull about 1 year ago
- Category set to library
- Status changed from Accepted to Needs More Information
- Assignee set to Markus Roberts
Markus – what’s the status of this? IS there a branch? a +1? I can’t see the code on the dev list.
Updated by Adrien Thebo 7 months ago
- Assignee deleted (
Markus Roberts)
Updated by Ken Barber 6 months ago
- Status changed from Needs More Information to Accepted
- Target version set to 1.6.x
Updated by Ben Hughes 4 months ago
- Description updated (diff)
- Status changed from Accepted to Unreviewed
Updated by Michael Stahnke 4 months ago
- Description updated (diff)
- Status changed from Unreviewed to Accepted
- Assignee set to Gary Larizza
Gary, I think this has been what you’ve kind of been working on in your spare time. Assigning to you.