author | Andreas Henriksson | 2014-05-05 11:36:29 +0200 |
---|---|---|
committer | Andreas Henriksson | 2014-05-05 11:36:29 +0200 |
commit | 7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9 (patch) | |
tree | e51b552fc97a866e2664416635442f3a3000ec25 | |
parent | 58a7981be35289750a61cab56deb6effae2db7ce (diff) | |
lockdown: avoid crashing when getting system buid fails
When userpref_read_system_buid fails to retrieve the buid,
systembuid will be set to NULL. It was then unconditionally passed
to plist_new_string - which will crash with a NULL argument.
See https://bugs.debian.org/730756 for people reporting this
happening in the real world.
See https://github.com/libimobiledevice/libimobiledevice/commit/1331f6baa1799e41003aa812c0d1bf36193535ea
("lockdown: Make sure to set SystemBUID in generated pair records")
for the commit where this problem was introduced.
-rw-r--r-- | src/lockdown.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index cf03e0f..b96ddc6 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -743,8 +743,9 @@ static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t } /* set SystemBUID */ - userpref_read_system_buid(&system_buid); - plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); + if (userpref_read_system_buid(&system_buid)) { + plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); + } /* set HostID */ host_id = generate_uuid(); |
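Review bot: The new `if (userpref_read_system_buid(&system_buid))` guard in pair_record_generate has no else branch, so when the read fails the pair record is built without a SystemBUID entry and nothing is logged or reported to the caller. Since the function returns lockdownd_error_t, consider logging the failure or returning an error at that point instead of continuing silently. The guard also relies on the return value alone; checking the pointer as well, as in `if (userpref_read_system_buid(&system_buid) && system_buid)`, would keep plist_new_string from ever receiving NULL even if the read reports success without setting the string.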