wollardj
commented
3 years ago @hexploitable - As you mention, I'm not sure this is the best solution to the problem since two 0x0a characters would slip by as would 0x20. I think you're right that it probably would be better to scan for the signature, but we'd have to think about the best way to do that without scanning all the way through the entire file in a worst case scenario.
In some cases, checking the first character fails. I'm not sure if there are other edge cases, but here's a stopgap fix. It would probably be better to look for the byte signature rather than just at the first or 2nd byte.
The code throws if
bplistParserorplist.parsefail anyway...Tested working on my side and the tests pass.