authorGravatar Andreas Henriksson2014-05-05 11:36:29 +0200
committerGravatar Andreas Henriksson2014-05-05 11:36:29 +0200
commit7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9 (patch)
treee51b552fc97a866e2664416635442f3a3000ec25
parent58a7981be35289750a61cab56deb6effae2db7ce (diff)
lockdown: avoid crashing when getting system buid fails
When userpref_read_system_buid fails to retrieve the buid, systembuid will be set to NULL. It was then unconditionally passed to plist_new_string - which will crash with a NULL argument. See https://bugs.debian.org/730756 for people reporting this happening in the real world. See https://github.com/libimobiledevice/libimobiledevice/commit/1331f6baa1799e41003aa812c0d1bf36193535ea ("lockdown: Make sure to set SystemBUID in generated pair records") for the commit where this problem was introduced.
-rw-r--r--src/lockdown.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index cf03e0f..b96ddc6 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -743,8 +743,9 @@ static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t
}
/* set SystemBUID */
- userpref_read_system_buid(&system_buid);
- plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid));
+ if (userpref_read_system_buid(&system_buid)) {
+ plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid));
+ }
/* set HostID */
host_id = generate_uuid();
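Review bot: When `userpref_read_system_buid()` fails, the new guard in `pair_record_generate` skips the SystemBUID entry silently, so the function goes on to build a pair record without the field that the commit cited in the description was added to guarantee. Since the pair record is the host's trust material for the device, I would make the failure visible in an else branch, for example `debug_info("could not read system BUID, pair record lacks SystemBUID");`, or return an error if a record without it is not usable. The guard also trusts the return value alone; if the helper can report success while leaving the pointer unset (its body is not in this hunk), `if (userpref_read_system_buid(&system_buid) && system_buid) {` would cover the NULL case directly. The function starts and continues outside the hunk, so whether `system_buid` is freed on both paths cannot be checked from here.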