Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-09-17 | Refactor userpref logic to use plist format and implement trust dialog handling | Martin Szulecki | 2 | -359/+361 | |
iOS 7 introduced a new pairing workflow which increases security by showing a trust dialog to the user before pairing with the host is allowed. The userpref system was refactored to use the native plist format, too. Configuration files of the native implementations are used on each platform. Former configuration files are no longer in use and can be deleted. | |||||
2013-09-17 | common: Add helpers to read and write plist files | Martin Szulecki | 2 | -0/+106 | |
2013-07-15 | userpref: correctly NULL-terminate arguments in string_concat calls | Nikias Bassen | 1 | -2/+2 | |
2013-07-13 | common: Fix malformed binary debug message dumping | Martin Szulecki | 1 | -1/+1 | |
2013-07-13 | common: Fix WIN32 portability for recent userpref security fix | Martin Szulecki | 1 | -1/+6 | |
2013-07-13 | common: Implement stpcpy() replacement for systems lacking it | Martin Szulecki | 2 | -0/+26 | |
2013-07-02 | Bug #331 - Don't create a /tmp/root directory insecurely | Federico Mena Quintero | 1 | -29/+76 | |
When finding the user's home directory to generate a subdirectory in $HOME/.config, we would fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME. Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack. Now we fall back to getpwuid_r() to find the user's home directory if it is not provided in environment variables - this is the case when upowerd gets run via systemd, for example. The result is that we'll end up creating /root/.config, a safe directory, since regular users cannot create symlinks in /root. In the future we'll need a way for libimobiledevice to find where to store its pairing data on behalf of the console user, rather than writing it to /root. http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use | |||||
2013-07-02 | common: Add utils.[ch] with a string_concat() function | Federico Mena Quintero | 3 | -1/+114 | |
Instead of doing malloc() and repeated strcat(), which is an O(n^2) way to concatenate multiple strings, we define a single O(total_len) function that uses stpcpy(). This will also make the rest of the code more legible and safer. | |||||
2013-05-23 | Silence compiler warnings for win32 builds | Martin Szulecki | 2 | -1/+3 | |
2013-04-25 | common: Move debug and userpref code into libinternalcommon | Martin Szulecki | 5 | -1/+1465 | |
2013-03-20 | move thread and socket code to "common" subdir | Nikias Bassen | 5 | -0/+600 | |