Age | Commit message (Collapse) | Author | Files | Lines |
|
PLIST_DATA
|
|
older device
On newer iOS versions, ValidatePair is not mandatory to gain trusted host
status. Starting with iOS 11, the ValidatePair request has been removed from
lockdownd and will throw an error. This commit adds a version check so that
ValidatePair is only called on devices prior to iOS 7.
|
|
device activation
|
|
That is, recover if gnutls_handshake() returns with non-fatal
error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
|
|
CRYPTO_set_id_callback
CRYPTO_set_locking_callback
EVP_cleanup
CRYPTO_cleanup_all_ex_data
SSL_COMP_free_compression_methods
are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the
corresponding code. This cleans up some warnings about
id_function/locking_function being defined but unused (as the calls to
CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at
preprocessing time).
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
It's deprecated and causes compile-time warnings. We don't want to
fall back to ERR_remove_state() either as it's similarly deprecated.
This commit adds a helper function to hide the #ifdef mess between
the various openssl versions.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Since commit OpenSSL_1_1_0-pre3~178
https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
OpenSSL automatically cleans up some of its internal data when the
program exits. This conflicts with some similar clean up
libimobiledevice attempts to do, which causes a double-free.
SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2,
and is still there in 1.1.0 as a no-op, so we can use that to free
the compression methods.
This bug can be hit with a simple idevicebackup2 --help
==14299== Invalid read of size 4
==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182)
==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402)
==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd
==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530)
==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x4E5663A: thread_once (thread.c:104)
==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Block was alloc'd at
==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100)
==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
==14299== by 0x4E43416: internal_idevice_init (idevice.c:73)
=
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
The capabilities parameter is a string array, not a plist. Also check
other parameters while we are at it.
|
|
event number in libusbmuxd
|
|
error for most failures
|
|
There are services that would send really large plist data, e.g. when listing
provisioning profiles. Instead of forcing the data to be less than 16MB we
try to allocate a buffer as large as requested. If the allocation fails the
function returns with an error.
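Added example, not part of the commit above or of libimobiledevice's code: a receive routine that sizes its buffer from the peer-declared length and reports allocation failure as an error, as that commit message describes. The 4-byte big-endian length prefix, the in-memory `mem_stream`, and all function and error names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed in-memory stream standing in for the device connection. */
struct mem_stream { const uint8_t *data; size_t len, pos; };

/* Read exactly n bytes; 0 on success, -1 if the stream ends early. */
static int read_all(struct mem_stream *s, void *dst, size_t n)
{
    if (s->len - s->pos < n) return -1;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

enum { RECV_OK = 0, RECV_E_IO = -1, RECV_E_EMPTY = -2, RECV_E_NOMEM = -3 };

/* Receive one frame: 4-byte big-endian length, then that many bytes.
 * The length is not clamped to a fixed ceiling; the buffer is sized as
 * requested and a failed allocation is reported instead of dereferenced. */
static int recv_frame(struct mem_stream *s, uint8_t **out, uint32_t *out_len)
{
    uint8_t hdr[4];
    *out = NULL;
    *out_len = 0;
    if (read_all(s, hdr, sizeof hdr) != 0) return RECV_E_IO;
    uint32_t len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                   ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    if (len == 0) return RECV_E_EMPTY;
    uint8_t *buf = malloc(len);
    if (buf == NULL) return RECV_E_NOMEM;      /* allocation failed */
    if (read_all(s, buf, len) != 0) {          /* body shorter than declared */
        free(buf);
        return RECV_E_IO;
    }
    *out = buf;
    *out_len = len;
    return RECV_OK;
}

int main(void)
{
    /* Constructed frame: declares 32 MiB but carries a single byte. */
    const uint8_t lying[] = { 0x02, 0x00, 0x00, 0x00, 'x' };
    struct mem_stream s = { lying, sizeof lying, 0 };
    uint8_t *buf; uint32_t n;
    printf("rc=%d\n", recv_frame(&s, &buf, &n));
    return 0;
}
```

Without a ceiling, the declared length is peer-controlled, so the only bounds on memory use are what `malloc` will grant and how much data actually arrives; the error paths must leave no buffer behind.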
|
|
The condition in line 2278 is incorrectly evaluated when
mb2_status_check_snapshot_state() isn't able to read the Status.plist file.
While `if (-1) { ... }` will be a 'false' condition, `if (1 && -1) { ... }`
will be 'true' which in this case would make idevicebackup2 assume the backup
was successful while it was not.
This commit fixes this issue by changing the default return value of
mb2_status_check_snapshot_state() to be 0 (false).
Thanks to Xiao Deng for pointing out this issue!
|
|
profiles at once
|
|
return exit code on error
|
|
In newer GnuTLS versions the parameters supplied to
gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat
sane values. Since we were passing the same values for all parameters,
this check fails and the device certificate is never generated.
However, due to missing checks the pairing record was saved anyway, with
an empty device certificate. This led to TLS errors during communication,
leading to the "GnuTLS: Error in pull function" error message appearing
and the communication failing.
This commit fixes the issue by passing some sane values, and also improves
the overall error handling during generation of the pairing record.
|
|
For newer iOS versions, apparently >= iOS 8, iTunes stores information
about installed applications inside of the Info.plist file. This
commit mimics that behavior.
|
|
DLMessageRemoveItems needs to recursively remove directories and this
commit implements that.
|
|
When the check of /var/db/lockdown was removed, lockdownd_do_pair started to
always return LOCKDOWN_E_INVALID_CONF instead of usually (but not always...)
returning LOCKDOWN_E_INVALID_HOST_ID for devices not currently paired. This
change not only breaks some third-party code, but also breaks the other code
in this library calling this function (lockdownd_client_new_with_handshake).
|
|
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
|
|
Since pair records are meanwhile handled by usbmuxd there is no need to check
for the existence of a pair record on disk. Asking usbmuxd for a pair record of
a given UDID is sufficient to know if it exists or not.
|
|
During device pairing the code in lockdownd_do_pair() is checking if there
is a pair record on disk for the current device, and then requests it from
usbmuxd. This additional check is not only unnecessary since usbmuxd can
obviously only return a pair record if it exists, but is also causing issues
on newer versions of macOS where /var/db/lockdown is mode 700.
|
|
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()`
would return NULL on some systems and also `SSLv23_method()` fails with some older
iOS versions...
|
|
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093.
The change had the negative effect that connecting to older iOS devices wouldn't work anymore.