summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2019-06-10Make sure OpenSSL version checks don't fail when using LibreSSLGravatar Nikias Bassen1-7/+6
2019-02-12lockdown: Make sure to return correct error code when pairing failsGravatar Nikias Bassen1-1/+1
2018-09-29lockdown: Pass along usbmux device id when saving pair recordsGravatar Nikias Bassen2-1/+3
2018-09-29idevice: Add usbmux device id (handle/mux id) to internal data structureGravatar Nikias Bassen2-13/+7
2017-12-08lockdown: Plug small memory leakGravatar Nikias Bassen1-0/+1
Credit to Rudolf Tammekivi (Blefish), see issue #599
2017-12-07mobileactivation: Allow passing activation response headers as required for ↵Gravatar Nikias Bassen1-15/+45
iOS 11.2+ When activating in session mode - which is required for newer iOS versions - we can now pass the activation response headers with the activation command. For iOS 11.2+ this is mandatory or the activation will fail.
2017-12-07mobileactivation: Don't convert activation record if it is already passed as ↵Gravatar Nikias Bassen1-0/+3
PLIST_DATA
2017-08-13lockdown: Don't explicitly validate pairing unless we're dealing with an ↵Gravatar Nikias Bassen3-12/+27
older device On newer iOS version, ValidatePair is not mandatory to gain trusted host status. Starting with iOS 11, the ValidatePair request has been removed from lockdownd and will throw an error. This commit adds a version check so that ValidatePair is only called on devices prior iOS 7.
2017-07-03mobileactivation: Add new functions required for drmHandshake / session mode ↵Gravatar Nikias Bassen1-2/+73
device activation
2017-06-29Add basic mobileactivation service implementationGravatar Nikias Bassen3-0/+242
2017-04-27gnutls: check for interrupted gnutls_handshake()Gravatar Nikos Mavrogiannopoulos1-3/+10
That is, recover if gnutls_handshake() returns with non fatal error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
2017-04-26 #ifdef out code which is a no-op with OpenSSL 1.1.0Gravatar Christophe Fergeau1-0/+6
CRYPTO_set_id_callback CRYPTO_set_locking_callback EVP_cleanup CRYPTO_cleanup_all_ex_data SSL_COMP_free_compression_methods are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the corresponding code. This cleans up some warnings about id_function/locking_function being defined but unused (as the calls to CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at preprocessing time). Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Don't use ERR_remove_thread_state() with OpenSSL 1.1.0Gravatar Christophe Fergeau1-14/+16
It's deprecated and causes compile-time warnings. We don't want to fallback to ERR_remove_state() either as it's similarly deprecated. This commit adds a helper functions to hide the #ifdef mess between the various openssl versions. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Avoid double free with OpenSSL 1.1.0Gravatar Christophe Fergeau1-1/+9
Since commit OpenSSL_1_1_0-pre3~178 https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f OpenSSL automatically cleans up some of its internal data when the program exits. This conflicts with some similar clean up libimobiledevice attempts to do, which causes a double-free. SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, and is still there in 1.1.0 as a no-op, so we can use that to free the compression methods. This bug can be hit with a simple idevicebackup2 --help ==14299== Invalid read of size 4 ==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) ==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) ==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) ==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) ==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd ==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) ==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) ==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x4E5663A: thread_once (thread.c:104) ==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Block was alloc'd at ==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) ==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) ==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) ==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) ==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) ==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) ==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) ==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) ==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) ==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) = Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-08Fix parameter check of instproxy_check_capabilities_match()Gravatar BALATON Zoltan1-1/+1
The capabilities parameter is a string array not a plist. Also check other parameters when we are at it.
2017-04-08Propagate lower level errors to callers instead of returning unknownGravatar BALATON Zoltan3-39/+45
error for most failures
2017-01-18property_list_service: Remove packet length check when receiving plist dataGravatar Antoine Reversat1-46/+43
There are services that would send really large plist data, e.g. when listing provisioning profiles. Instead of forcing the data to be less than 16MB we try to allocate a buffer as large as requested. If the allocation fails the function returns with an error.
2016-12-31Add ax_pthread.m4 for proper pthread cflags/ldflagsGravatar Nikias Bassen1-2/+2
2016-12-01misagent: Add new misagent_copy_all() function (introduced in iOS 9.3)Gravatar Nikias Bassen1-0/+40
2016-09-18win32: Fix MinGW build by adding -lgdi32 to properly link against OpenSSLGravatar Nikias Bassen1-1/+1
2016-08-09lockdown: return LOCKDOWN_E_INVALID_HOST_ID when missing pair recordGravatar Jay Freeman (saurik)1-1/+1
When the check of /var/db/lockdown was removed, lockdownd_do_pair started to always return LOCKDOWN_E_INVALID_CONF instead of usually (but not always...) returning LOCKDOWN_E_INVALID_HOST_ID for devices not currently paired. This change not only breaks some third-party code, but also breaks the other code in this library calling this function (lockdownd_client_new_with_handshake).
2016-08-02idevice: Update GnuTLS code to support iOS 10Gravatar Jay Freeman (saurik)1-1/+1
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
2016-07-27lockdown: remove unnecessary check for pair record file during pairingGravatar Jay Freeman (saurik)1-7/+3
During device pairing the code in lockdownd_do_pair() is checking if there is a pair record on disk for the current device, and then requests it from usbmuxd. This additional check is not only unnecessary since usbmuxd can obviously only return a pair record if it exists, but is also causing issues on newer versions of macOS where /var/db/lockdown is mode 700.
2016-06-16Fix SSL version negotiation for newer versions of OpenSSLGravatar David Weinstein1-1/+1
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` would return NULL on some systems and also `SSLv23_method()` fails with some older iOS versions...
2016-06-16Revert "Fix SSL version negotiation with newer versions of OpenSSL"Gravatar Nikias Bassen1-1/+1
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093. The change had the negative effect that connecting to older iOS devices wouldn't work anymore.
2016-06-15Fix SSL version negotiation with newer versions of OpenSSLGravatar Nikias Bassen1-1/+1
2016-04-29Updated gnutls certificate callback to new API (backwards compatible)Gravatar Nikos Mavrogiannopoulos1-0/+13
2016-04-29file_relay: Plug small memory leakGravatar Xiao Deng1-0/+1
2016-04-29diagnostics_relay: Plug small memory leakGravatar Xiao Deng1-0/+1
2016-04-01Add new function to get the underlying file descriptor of an idevice connectionGravatar BALATON Zoltan1-0/+16
2016-04-01Avoid potential NULL pointer dereference (leading to segfault) if functions ↵Gravatar BALATON Zoltan2-6/+10
are called with NULL arguments
2015-10-21Fix installation_proxy when using GnuTLS instead of OpenSSLGravatar Jay Freeman (saurik)1-4/+4
2015-10-06Add missing "(void)" to functions to match public headersGravatar Martin Szulecki3-3/+3
2015-07-15lockdown: Add new lockdownd_pair_with_options() functionGravatar Nikias Bassen1-9/+28
2015-07-10lockdown: Add more error codesGravatar Nikias Bassen1-1/+9
2015-05-24lockdown: Remove unneeded plist_free() calls since entire dict is freed laterGravatar Nikias Bassen1-5/+0
2015-01-28Move pkg-config file into src directoryGravatar Martin Szulecki2-0/+15
2015-01-28Remove trailing whitespace errors from all filesGravatar Martin Szulecki44-208/+208
2015-01-27sbservices: Use more consistent name for lock/unlock methodsGravatar Martin Szulecki1-12/+12
2015-01-27installation_proxy: Use char* array to pass capabilities for related methodGravatar Martin Szulecki1-2/+11
2015-01-27installation_proxy: Use char* array to pass appids for lookup commandGravatar Martin Szulecki1-15/+28
2015-01-27installation_proxy: Use new lookup command for app path retrieval helperGravatar Martin Szulecki1-26/+8
2015-01-27installation_proxy: Refactor implementation, add new commands and helpersGravatar Martin Szulecki2-241/+594
2015-01-27installation_proxy: Add new helper to set return attributes in client optionsGravatar Martin Szulecki1-0/+21
2015-01-27installation_proxy: Improve comment formatting and some whitespacesGravatar Martin Szulecki1-3/+5
2015-01-27debugserver: Make debugserver_client_set_ack_mode() publicGravatar Martin Szulecki1-1/+1
2015-01-27idevice: Rename generic errorstring() into ssl_error_to_string()Gravatar Martin Szulecki1-2/+2
2015-01-13thread: Introduce thread_new and thread_free to cover handle leaks on WIN32Gravatar Martin Szulecki3-5/+16
2015-01-12lockdown: Refactor internal error checking and add more native errors to enumGravatar Martin Szulecki1-82/+123
2015-01-12Fix overlong blocking in np_client_free()Gravatar Christophe Fergeau1-3/+7
When using ideviceinstaller, np_client_free() would block for several minutes when ideviceinstaller cleans up after installing the application. This happens because the function is blocking on thread_join(), waiting for the notification watcher thread to finish. It only ends when np_get_notification() returns a negative value after getting a timeout, which takes several minutes. However, the thread loop will also exit early if client->parent gets NULL (the loop is iterated every 500ms), so this commit ensures client->parent gets set to NULL early in np_client_free() so that thread_join() does not block for a long time. Signed-off-by: Martin Szulecki <m.szulecki@libimobiledevice.org>