Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
meaningful error codes
This allows clients to properly detect that a connection to the requested
port failed because it is not open on the device, instead of just returning
an "unknown error"
|
|
of DllMain
|
|
|
|
fix wrong variable in debug message
|
|
correctly
The code in lockdownd_client_new_with_handshake would call the function
lockdownd_validate_pair based on the OS version being less than 7.0 without
taking into account that Watch OS has a different versioning scheme compared
to the other device classes. For this and any future version/device specific
checks, the code now queries the DeviceClass and stores it in the
idevice_private struct.
|
|
|
|
|
|
|
|
Let's not allow OpenSSL to directly access our file descriptors
|
|
|
|
handle timeouts more adequate
idevice_connection_receive_timeout(), when in SSL mode, was assuming it should
always try to read the exact amount of data specified in `len` parameter.
While this works with most protocols that have length fields or fixed sized
headers/packets, some others (e.g. debugserver) break because it will request
a read but doesn't know the size that is expected to be returned beforehand.
This commit will handle timeouts better and return the number of bytes that
were read in such cases (instead of returning 0 bytes read + error).
Note that in the event of a timeout, IDEVICE_E_TIMEOUT will be returned even
though actual data might have been read. The number of bytes read will be
returned in recv_bytes.
|
|
|
|
|
|
|
|
|
|
|
|
This should still catch the more common case when using usbmuxd on the same
host. Not copying the scope id in that case actually removes vital routing
information.
|
|
This change removes copying the scope id for IPv6 connections which caused
problems if the usbmux connection data is used on different hosts or context.
|
|
|
|
|
|
|
|
|
|
Instead of relaying data via usbmuxd this change will have it connect directly to
the device via network after retrieving its address from usbmuxd
|
|
|
|
|
|
send SSL shutdown message. As in debugserver this message will be considered as GDB server communication and break things
|
|
|
|
including network
Instead of just returning a list of UDIDs (like idevice_get_device_list) this
function will return idevice_info_t* records which also contains the type of
the connection and the connection data.
|
|
idevice_new_with_options()
|
|
|
|
|
|
older devices
|
|
include winsock.h before windows.h'
|
|
|
|
In order to obey the timeout in idevice_connection_receive_timeout(), we are
using select() via socket_check_fd(). However, the SSL bio might have buffered
more bytes than actually requested upon a call to SSL_read(), so in the next
call to idevice_connection_receive_timeout() a select() would not find the fd
being ready to read, and make it fail with an error, after the specified
timeout is reached.
With the help of SSL_pending() we can now skip calling select() so that
SSL_read() will directly be called again.
|
|
There are several missing headers as well as deprecated functions for
which compatibility was added as needed.
|
|
|
|
|
|
|
|
|
|
|
|
older device
On newer iOS version, ValidatePair is not mandatory to gain trusted host
status. Starting with iOS 11, the ValidatePair request has been removed from
lockdownd and will throw an error. This commit adds a version check so that
ValidatePair is only called on devices prior iOS 7.
|
|
That is, recover if gnutls_handshake() returns with non fatal
error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
|
|
CRYPTO_set_id_callback
CRYPTO_set_locking_callback
EVP_cleanup
CRYPTO_cleanup_all_ex_data
SSL_COMP_free_compression_methods
are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the
corresponding code. This cleans up some warnings about
id_function/locking_function being defined but unused (as the calls to
CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at
preprocessing time).
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
It's deprecated and causes compile-time warnings. We don't want to
fallback to ERR_remove_state() either as it's similarly deprecated.
This commit adds a helper functions to hide the #ifdef mess between
the various openssl versions.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Since commit OpenSSL_1_1_0-pre3~178
https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
OpenSSL automatically cleans up some of its internal data when the
program exits. This conflicts with some similar clean up
libimobiledevice attempts to do, which causes a double-free.
SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2,
and is still there in 1.1.0 as a no-op, so we can use that to free
the compression methods.
This bug can be hit with a simple idevicebackup2 --help
==14299== Invalid read of size 4
==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182)
==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402)
==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd
==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530)
==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x4E5663A: thread_once (thread.c:104)
==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Block was alloc'd at
==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100)
==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
==14299== by 0x4E43416: internal_idevice_init (idevice.c:73)
=
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
error for most failures
|
|
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
|
|
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()`
would return NULL on some systems and also `SSLv23_method()` fails with some older
iOS versions...
|