| Age | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | Since commit OpenSSL_1_1_0-pre3~178
https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
OpenSSL automatically cleans up some of its internal data when the
program exits. This conflicts with some similar clean up
libimobiledevice attempts to do, which causes a double-free.
SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2,
and is still there in 1.1.0 as a no-op, so we can use that to free
the compression methods.
This bug can be hit with a simple idevicebackup2 --help
==14299== Invalid read of size 4
==14299==    at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
==14299==    by 0x508B848: ssl_library_stop (ssl_init.c:182)
==14299==    by 0x5424D11: OPENSSL_cleanup (init.c:402)
==14299==    by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
==14299==    by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
==14299==    by 0x4011232: _dl_fini (dl-fini.c:235)
==14299==    by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299==    by 0x5DC2E19: exit (exit.c:105)
==14299==    by 0x5DA8604: (below main) (libc-start.c:329)
==14299==  Address 0x6585590 is 0 bytes inside a block of size 40 free'd
==14299==    at 0x4C2FCC8: free (vg_replace_malloc.c:530)
==14299==    by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
==14299==    by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
==14299==    by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299==    by 0x4E5663A: thread_once (thread.c:104)
==14299==    by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
==14299==    by 0x4011232: _dl_fini (dl-fini.c:235)
==14299==    by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299==    by 0x5DC2E19: exit (exit.c:105)
==14299==    by 0x5DA8604: (below main) (libc-start.c:329)
==14299==  Block was alloc'd at
==14299==    at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
==14299==    by 0x5428908: CRYPTO_zalloc (mem.c:100)
==14299==    by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
==14299==    by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
==14299==    by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
==14299==    by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
==14299==    by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299==    by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299==    by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
==14299==    by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
==14299==    by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
==14299==    by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
==14299==    by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299==    by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299==    by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
==14299==    by 0x4E43416: internal_idevice_init (idevice.c:73)
=
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> | 
|  | The capabilities parameter is a string array not a plist. Also check
other parameters when we are at it. | 
|  | error for most failures | 
|  | There are services that would send really large plist data, e.g. when listing
provisioning profiles. Instead of forcing the data to be less than 16MB we
try to allocate a buffer as large as requested. If the allocation fails the
function returns with an error. | 
|  |  | 
|  |  | 
|  |  | 
|  | When the check of /var/db/lockdown was removed, lockdownd_do_pair started to
always return LOCKDOWN_E_INVALID_CONF instead of usually (but not always...)
returning LOCKDOWN_E_INVALID_HOST_ID for devices not currently paired. This
change not only breaks some third-party code, but also breaks the other code
in this library calling this function (lockdownd_client_new_with_handshake). | 
|  | As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0. | 
|  | During device pairing the code in lockdownd_do_pair() is checking if there
is a pair record on disk for the current device, and then requests it from
usbmuxd. This additional check is not only unnecessary since usbmuxd can
obviously only return a pair record if it exists, but is also causing issues
on newer versions of macOS where /var/db/lockdown is mode 700. | 
|  | Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()`
would return NULL on some systems and also `SSLv23_method()` fails with some older
iOS versions... | 
|  | This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093.
The change had the negative effect that connecting to older iOS devices wouldn't work anymore. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | are called with NULL arguments | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | When using ideviceinstaller, np_client_free() would block for several
minutes when ideviceinstaller cleans up after installing the
application.
This happens because the function is blocking on thread_join(), waiting
for the notification watcher thread to finish. It only ends when
np_get_notification() returns a negative value after getting a timeout,
which takes several minutes.
However, the thread loop will also exit early if client->parent gets
NULL (the loop is iterated every 500ms), so this commit ensures
client->parent gets set to NULL early in np_client_free() so that
thread_join() does not block for a long time.
Signed-off-by: Martin Szulecki <m.szulecki@libimobiledevice.org> | 
|  |  | 
|  |  | 
|  |  | 
|  | np_post_notification() | 
|  | This change keeps the debug level symbol within the internal convenience
library and makes it accessible using an internal helper. This fixes
linking, prevents new exported symbols and finally allows proper control
of enabling debug messages. | 
|  |  | 
|  |  | 
|  | When connecting with an existing pair record failed we attempted to
pair again which generated a new host id but then connect after
successful pairing tried to use host id from the old record and
failed. Make sure we forget the old host id when re-pairing.
This also fixes a possible memory leak. | 
|  |  | 
|  |  | 
|  | This simple change provides various benefits for developers like compile
time errors, better auto-completition in editors and the ability of a
debugger to show the constant instead of just the raw value.
Thanks to Aaron Burghardt for the proposal. | 
|  |  | 
|  |  |