From 1728254f3a51b8b4d7de902dd53f12141085109c Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Tue, 12 Jul 2016 23:34:27 +0200 Subject: Remove some unneded variables and conditionals and plug some potential memory leaks --- src/dfu.c | 45 +++++++------------ src/idevicerestore.c | 4 +- src/normal.c | 16 +++---- src/recovery.c | 13 +++--- src/restore.c | 122 ++++++++++++++++++++------------------------------- 5 files changed, 79 insertions(+), 121 deletions(-) diff --git a/src/dfu.c b/src/dfu.c index 993692d..124d2c7 100644 --- a/src/dfu.c +++ b/src/dfu.c @@ -44,7 +44,6 @@ int dfu_client_new(struct idevicerestore_client_t* client) { int i = 0; int attempts = 10; irecv_client_t dfu = NULL; - irecv_error_t dfu_error = IRECV_E_UNKNOWN_ERROR; if (client->dfu == NULL) { client->dfu = (struct dfu_client_t*)malloc(sizeof(struct dfu_client_t)); @@ -56,8 +55,7 @@ int dfu_client_new(struct idevicerestore_client_t* client) { } for (i = 1; i <= attempts; i++) { - dfu_error = irecv_open_with_ecid(&dfu, client->ecid); - if (dfu_error == IRECV_E_SUCCESS) { + if (irecv_open_with_ecid(&dfu, client->ecid) == IRECV_E_SUCCESS) { break; } @@ -90,12 +88,10 @@ void dfu_client_free(struct idevicerestore_client_t* client) { int dfu_check_mode(struct idevicerestore_client_t* client, int* mode) { irecv_client_t dfu = NULL; - irecv_error_t dfu_error = IRECV_E_SUCCESS; int probe_mode = -1; irecv_init(); - dfu_error = irecv_open_with_ecid(&dfu, client->ecid); - if (dfu_error != IRECV_E_SUCCESS) { + if (irecv_open_with_ecid(&dfu, client->ecid) != IRECV_E_SUCCESS) { return -1; } 
@@ -119,18 +115,16 @@ const char* dfu_check_hardware_model(struct idevicerestore_client_t* client) { irecv_device_t device = NULL; irecv_init(); - dfu_error = irecv_open_with_ecid(&dfu, client->ecid); - if (dfu_error != IRECV_E_SUCCESS) { + if (irecv_open_with_ecid(&dfu, client->ecid) != IRECV_E_SUCCESS) { return NULL; } dfu_error = irecv_devices_get_device_by_client(dfu, &device); + irecv_close(dfu); if (dfu_error != IRECV_E_SUCCESS) { return NULL; } - irecv_close(dfu); - return device->hardware_model; } @@ -150,11 +144,7 @@ int dfu_send_buffer(struct idevicerestore_client_t* client, unsigned char* buffe } int dfu_send_component(struct idevicerestore_client_t* client, plist_t build_identity, const char* component) { - uint32_t size = 0; - unsigned char* data = NULL; char* path = NULL; - irecv_error_t err = 0; - int flag = 1; if (client->tss) { if (tss_response_get_path_by_entry(client->tss, component, &path) < 0) { @@ -164,8 +154,7 @@ int dfu_send_component(struct idevicerestore_client_t* client, plist_t build_ide if (!path) { if (build_identity_get_component_path(build_identity, component, &path) < 0) { error("ERROR: Unable to get path for component '%s'\n", component); - if (path) - free(path); + free(path); return -1; } } 
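Review bot: `return device->hardware_model;` dereferences `device` without a NULL check and hands back a pointer that outlives the `irecv_close(dfu)` now executed on every path. Nothing in the hunk shows who owns the record behind `device`. If it comes from a static device table in the library, which is presumably why reading it after the close is safe, a one-line comment saying so would help; if it is tied to the `dfu` handle, the string must be copied before the close. The guard can be widened to `if (dfu_error != IRECV_E_SUCCESS || !device) {` at no cost.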
@@ -178,17 +167,21 @@ int dfu_send_component(struct idevicerestore_client_t* client, plist_t build_ide free(path); return -1; } + free(path); + path = NULL; + + unsigned char* data = NULL; + uint32_t size = 0; if (personalize_component(component, component_data, component_size, client->tss, &data, &size) < 0) { error("ERROR: Unable to get personalized component: %s\n", component); free(component_data); - free(path); return -1; } free(component_data); component_data = NULL; - if (!client->image4supported && (client->build_major > 8) && !(client->flags & FLAG_CUSTOM) && (strcmp(component, "iBEC") == 0)) { + if (!client->image4supported && client->build_major > 8 && !(client->flags & FLAG_CUSTOM) && !strcmp(component, "iBEC")) { unsigned char* ticket = NULL; unsigned int tsize = 0; if (tss_response_get_ap_ticket(client->tss, &ticket, &tsize) < 0) { @@ -196,26 +189,23 @@ int dfu_send_component(struct idevicerestore_client_t* client, plist_t build_ide return -1; } uint32_t fillsize = 0; - if ((tsize % 0x40) != 0) { - fillsize = 0x40 - (tsize % 0x40); + if (tsize % 64 != 0) { + fillsize = ((tsize / 64) + 1) * 64; } debug("ticket size = %d\nfillsize = %d\n", tsize, fillsize); - unsigned char* newdata = (unsigned char*)malloc(tsize + fillsize + size); + unsigned char* newdata = (unsigned char*)malloc(size + fillsize); memcpy(newdata, ticket, tsize); - memset(newdata+tsize, '\xFF', fillsize); - memcpy(newdata+tsize+fillsize, data, size); + memset(newdata + tsize, '\xFF', fillsize - tsize); + memcpy(newdata + fillsize, data, size); free(data); data = newdata; - size += tsize; size += fillsize; - flag = 1; } info("Sending %s (%d bytes)...\n", component, size); // FIXME: Did I do this right???? - err = irecv_send_buffer(client->dfu->client, data, size, flag); - free(path); + irecv_error_t err = irecv_send_buffer(client->dfu->client, data, size, 1); if (err != IRECV_E_SUCCESS) { error("ERROR: Unable to send %s component: %s\n", component, irecv_strerror(err)); free(data); 
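Review bot: In the `@@ -196,26 +189,23 @@` hunk `fillsize` stays 0 when `tsize` is already a multiple of 64, yet the new code uses it as the padded ticket length. In that case `malloc(size + fillsize)` reserves no room for the ticket, `memset(newdata + tsize, '\xFF', fillsize - tsize)` gets an unsigned length that wraps to a huge value, and `memcpy(newdata + fillsize, data, size)` writes at offset 0, so the heap buffer is overrun. Initialising with `uint32_t fillsize = tsize;` keeps the aligned case correct without touching the other lines. `newdata` is also used without a NULL check, and in the visible lines `ticket` is never freed and `data` is not released on the `return -1` at the top of the hunk; one line between the two hunks is not shown, so confirm. The body of dfu_send_component starts and ends outside the hunk.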
@@ -325,7 +315,6 @@ int dfu_get_sep_nonce(struct idevicerestore_client_t* client, unsigned char** no } int dfu_enter_recovery(struct idevicerestore_client_t* client, plist_t build_identity) { - irecv_error_t dfu_error = IRECV_E_SUCCESS; int mode = 0; if (dfu_client_new(client) < 0) { diff --git a/src/idevicerestore.c b/src/idevicerestore.c index acf171d..01901d6 100644 --- a/src/idevicerestore.c +++ b/src/idevicerestore.c @@ -1740,10 +1740,8 @@ int personalize_component(const char *component_name, const unsigned char* compo memcpy(stitched_component, component_data, component_size); } } - - if (component_blob) - free(component_blob); } + free(component_blob); if (idevicerestore_keep_pers) { write_file(component_name, stitched_component, stitched_component_size); diff --git a/src/normal.c b/src/normal.c index c0ec2bf..8101b72 100644 --- a/src/normal.c +++ b/src/normal.c @@ -220,14 +220,13 @@ int normal_open_with_timeout(struct idevicerestore_client_t* client) { const char* normal_check_hardware_model(struct idevicerestore_client_t* client) { idevice_t device = NULL; - char* product_type = NULL; - irecv_device_t irecv_device = NULL; lockdownd_client_t lockdown = NULL; lockdownd_error_t lockdown_error = LOCKDOWN_E_SUCCESS; + irecv_device_t irecv_device = NULL; normal_idevice_new(client, &device); if (!device) { - return product_type; + return NULL; } lockdown_error = lockdownd_client_new_with_handshake(device, &lockdown, "idevicerestore"); 
@@ -236,22 +235,23 @@ const char* normal_check_hardware_model(struct idevicerestore_client_t* client) } if (lockdown_error != LOCKDOWN_E_SUCCESS) { idevice_free(device); - return product_type; + return NULL; } plist_t pval = NULL; lockdownd_get_value(lockdown, NULL, "HardwareModel", &pval); if (pval && (plist_get_node_type(pval) == PLIST_STRING)) { - char* strval = NULL; + char *strval = NULL; plist_get_string_val(pval, &strval); if (strval) { irecv_devices_get_device_by_hardware_model(strval, &irecv_device); free(strval); } } - if (pval) { - plist_free(pval); - } + plist_free(pval); + + lockdownd_client_free(lockdown); + idevice_free(device); return (irecv_device) ? irecv_device->hardware_model : NULL; } diff --git a/src/recovery.c b/src/recovery.c index 134742e..13612c4 100644 --- a/src/recovery.c +++ b/src/recovery.c @@ -168,17 +168,13 @@ int recovery_enter_restore(struct idevicerestore_client_t* client, plist_t build char* value = NULL; irecv_getenv(client->recovery->client, "build-version", &value); info("iBoot build-version=%s\n", (value) ? value : "(unknown)"); - if (value) { - free(value); - value = NULL; - } + free(value); + value = NULL; irecv_getenv(client->recovery->client, "build-style", &value); info("iBoot build-style=%s\n", (value) ? value : "(unknown)"); - if (value) { - free(value); - value = NULL; - } + free(value); + value = NULL; unsigned long radio_error = 0; irecv_getenv(client->recovery->client, "radio-error", &value); @@ -273,6 +269,7 @@ int recovery_send_component(struct idevicerestore_client_t* client, plist_t buil if (!path) { if (build_identity_get_component_path(build_identity, component, &path) < 0) { error("ERROR: Unable to get path for component '%s'\n", component); + free(path); return -1; } } diff --git a/src/restore.c b/src/restore.c index d354ac6..6fe1049 100644 --- a/src/restore.c +++ b/src/restore.c 
@@ -225,24 +225,23 @@ const char* restore_check_hardware_model(struct idevicerestore_client_t* client) idevice_t device = NULL; restored_client_t restore = NULL; restored_error_t restore_error = RESTORE_E_SUCCESS; - char* product_type = NULL; irecv_device_t irecv_device = NULL; restore_idevice_new(client, &device); if (!device) { - return product_type; + return NULL; } restore_error = restored_client_new(device, &restore, "idevicerestore"); if (restore_error != RESTORE_E_SUCCESS) { idevice_free(device); - return product_type; + return NULL; } if (restored_query_type(restore, NULL, NULL) != RESTORE_E_SUCCESS) { restored_client_free(restore); idevice_free(device); - return product_type; + return NULL; } if (client->srnm == NULL) { 
@@ -251,41 +250,32 @@ const char* restore_check_hardware_model(struct idevicerestore_client_t* client) error("ERROR: Unable to get SerialNumber from restored\n"); restored_client_free(restore); idevice_free(device); - return product_type; + return NULL; } plist_get_string_val(node, &client->srnm); info("INFO: device serial number is %s\n", client->srnm); + plist_free(node); node = NULL; } restore_error = restored_get_value(restore, "HardwareModel", &node); - if (restore_error != RESTORE_E_SUCCESS) { - error("ERROR: Unable to get HardwareModel from restored\n"); - restored_client_free(restore); - idevice_free(device); - return product_type; - } - restored_client_free(restore); idevice_free(device); - restore = NULL; - device = NULL; - - if (!node || plist_get_node_type(node) != PLIST_STRING) { - error("ERROR: Unable to get HardwareModel information\n"); - if (node) - plist_free(node); - return product_type; + if (restore_error != RESTORE_E_SUCCESS || !node || plist_get_node_type(node) != PLIST_STRING) { + error("ERROR: Unable to get HardwareModel from restored\n"); + plist_free(node); + return NULL; } - plist_get_string_val(node, &model); + plist_get_string_val(node, &model); irecv_devices_get_device_by_hardware_model(model, &irecv_device); + free(model); if (irecv_device && irecv_device->product_type) { return irecv_device->hardware_model; } - return product_type; + return NULL; } void restore_device_callback(const idevice_event_t* event, void* userdata) { @@ -1141,7 +1131,6 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned uint64_t blob_size = 0; int zerr = 0; int zindex = -1; - int size = 0; struct zip_stat zstat; struct zip_file* zfile = NULL; struct zip* za = NULL; @@ -1180,7 +1169,7 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned goto leave; } char* ext = strrchr(signfn, '.'); - if (strcmp(ext, ".fls") == 0) { + if (!strcmp(ext, ".fls")) { is_fls = 1; } 
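Review bot: `node` is still leaked on the success path of the `@@ -251,41 +250,32 @@` hunk: after `plist_get_string_val(node, &model);` neither of the two returns frees it, although the failure branch added just above does. Adding `plist_free(node);` directly after the string is extracted closes that. `model` is also passed to `irecv_devices_get_device_by_hardware_model()` without checking that the extraction produced a string; `if (!model) return NULL;` would cover it. The function starts outside the hunk.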
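Review bot: In the `@@ -1180,7 +1169,7 @@` hunk `ext` can be NULL, because `strrchr(signfn, '.')` returns NULL for a name without a dot and `!strcmp(ext, ".fls")` then dereferences it. The file-filter loop later in this patch already guards with `ext && (...)`, and the same form fits here: `if (ext && !strcmp(ext, ".fls")) {`. Where `signfn` comes from is outside the hunk, so how reachable this is depends on whether those names are validated before this point.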
@@ -1202,30 +1191,29 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned goto leave; } - size = zstat.size; - buffer = (unsigned char*) malloc(size+1); + buffer = (unsigned char*) malloc(zstat.size + 1); if (buffer == NULL) { error("ERROR: Out of memory\n"); goto leave; } - if (zip_fread(zfile, buffer, size) != size) { + if (zip_fread(zfile, buffer, zstat.size) != zstat.size) { error("ERROR: zip_fread: failed\n"); goto leave; } - buffer[size] = '\0'; + buffer[zstat.size] = '\0'; zip_fclose(zfile); zfile = NULL; if (is_fls) { - fls = fls_parse(buffer, size); + fls = fls_parse(buffer, zstat.size); if (!fls) { error("ERROR: could not parse fls file\n"); goto leave; } } else { - mbn = mbn_parse(buffer, size); + mbn = mbn_parse(buffer, zstat.size); if (!mbn) { error("ERROR: could not parse mbn file\n"); goto leave; @@ -1256,15 +1244,17 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned free(blob); blob = NULL; + fsize = (is_fls ? fls->size : mbn->size); + fdata = (unsigned char*)malloc(fsize); + if (fdata == NULL) { + error("ERROR: out of memory\n"); + goto leave; + } if (is_fls) { - fsize = fls->size; - fdata = (unsigned char*)malloc(fsize); memcpy(fdata, fls->data, fsize); fls_free(fls); fls = NULL; } else { - fsize = mbn->size; - fdata = (unsigned char*)malloc(fsize); memcpy(fdata, mbn->data, fsize); mbn_free(mbn); mbn = NULL; @@ -1273,6 +1263,7 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned zs = zip_source_buffer(za, fdata, fsize, 1); if (!zs) { error("ERROR: out of memory\n"); + free(fdata); goto leave; } 
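Review bot: `zstat.size` comes from the archive's own metadata and is now used directly as allocation size, read length and terminator index in the `@@ -1202,30 +1191,29 @@` hunk, with no upper bound. In libzip that field is a 64-bit unsigned value, so `malloc(zstat.size + 1)` can truncate where `size_t` is 32 bits, while `zip_fread(zfile, buffer, zstat.size)` and `buffer[zstat.size] = '\0'` keep using the full value; the `!= zstat.size` comparison also mixes the signed return of `zip_fread` with an unsigned operand. A guard before the allocation, for example `if (zstat.size >= INT_MAX) { error("ERROR: file too large\n"); goto leave; }`, keeps the three uses consistent and also protects `fls_parse`/`mbn_parse` if their length parameter is narrower. The same pattern is repeated in the `@@ -1344,23 +1331,22 @@` hunk.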
@@ -1294,33 +1285,29 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned free(iter); // remove everything but required files - int i; - int j; - int skip = 0; - int numf = zip_get_num_files(za); + int i, j, keep, numf = zip_get_num_files(za); for (i = 0; i < numf; i++) { - skip = 0; + keep = 0; // check for signed file index for (j = 0; j < signed_file_count; j++) { if (i == signed_file_idxs[j]) { - skip = 1; + keep = 1; break; } } // check for anything but .mbn and .fls if bb_nonce is set - if (bb_nonce && !skip) { + if (bb_nonce && !keep) { const char* fn = zip_get_name(za, i, 0); if (fn) { char* ext = strrchr(fn, '.'); if (ext && (!strcmp(ext, ".fls") || !strcmp(ext, ".mbn") || !strcmp(ext, ".elf") || !strcmp(ext, ".bin"))) { - skip = 1; + keep = 1; } } } - if (skip) { - continue; + if (!keep) { + zip_delete(za, i); } - zip_delete(za, i); } if (bb_nonce) { @@ -1344,23 +1331,22 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned goto leave; } - size = zstat.size; - buffer = (unsigned char*) malloc(size+1); + buffer = (unsigned char*) malloc(zstat.size + 1); if (buffer == NULL) { error("ERROR: Out of memory\n"); goto leave; } - if (zip_fread(zfile, buffer, size) != size) { + if (zip_fread(zfile, buffer, zstat.size) != zstat.size) { error("ERROR: zip_fread: failed\n"); goto leave; } - buffer[size] = '\0'; + buffer[zstat.size] = '\0'; zip_fclose(zfile); zfile = NULL; - fls = fls_parse(buffer, size); + fls = fls_parse(buffer, zstat.size); free(buffer); buffer = NULL; if (!fls) { @@ -1385,6 +1371,10 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned fsize = fls->size; fdata = (unsigned char*)malloc(fsize); + if (!fdata) { + error("ERROR: out of memory\n"); + goto leave; + } memcpy(fdata, fls->data, fsize); fls_free(fls); fls = NULL; 
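Review bot: The result of `zip_delete(za, i)` in the `@@ -1294,33 +1285,29 @@` hunk is ignored, so an entry that could not be removed silently stays in the archive that is processed afterwards. Checking it, for example `if (!keep && zip_delete(za, i) < 0) { error("ERROR: could not remove entry %d\n", i); goto leave; }`, makes the "remove everything but required files" step fail closed; whether `goto leave` reports failure depends on the value of `res` set outside the hunk. As a style point, `int i, j, keep, numf = zip_get_num_files(za);` initialises only the last of four declarators and is easy to misread; separate declarations, with `keep` declared inside the loop, would be clearer.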
@@ -1392,6 +1382,7 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned zs = zip_source_buffer(za, fdata, fsize, 1); if (!zs) { error("ERROR: out of memory\n"); + free(fdata); goto leave; } @@ -1434,12 +1425,6 @@ static int restore_sign_bbfw(const char* bbfwtmp, plist_t bbtss, const unsigned zs = NULL; leave: - if (mbn) { - mbn_free(mbn); - } - if (fls) { - fls_free(fls); - } if (zfile) { zip_fclose(zfile); } @@ -1450,12 +1435,10 @@ leave: zip_unchange_all(za); zip_close(za); } - if (buffer) { - free(buffer); - } - if (blob) { - free(blob); - } + mbn_free(mbn); + fls_free(fls); + free(buffer); + free(blob); return res; } @@ -1609,25 +1592,16 @@ int restore_send_baseband_data(restored_client_t restore, struct idevicerestore_ } info("Done sending BasebandData\n"); - plist_free(dict); - dict = NULL; - res = 0; leave: - if (dict) { - plist_free(dict); - } - if (buffer) { - free(buffer); - } + plist_free(dict); + free(buffer); if (bbfwtmp) { remove(bbfwtmp); free(bbfwtmp); } - if (response) { - plist_free(response); - } + plist_free(response); return res; } -- cgit v1.1-32-gdbae
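Review bot: `mbn_free(mbn)` and `fls_free(fls)` are now called unconditionally at `leave:`, and several `goto leave` paths in this function run while one or both are still NULL. `free(NULL)` is defined by the standard, but these two are project helpers whose bodies are not part of this patch, so the change is only safe if they return early on NULL; confirm that, or keep `if (mbn)` and `if (fls)` for them. The same question applies to the now unguarded `plist_free(dict)` and `plist_free(response)` in the `@@ -1609,25 +1592,16 @@` hunk and to `plist_free(node)` and `plist_free(pval)` earlier in the patch, which depend on the NULL handling of the oldest libplist version the project supports.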