| author | 2009-03-23 20:56:40 -0700 | |
|---|---|---|
| committer | 2009-03-23 20:56:40 -0700 | |
| commit | 127a5934b593ea7fd34b16477e6dd5619101bcb9 (patch) | |
| tree | 2b99a32205b27b4e6853c276a594e6dc27623160 /src | |
| parent | bdb0f66234da6837723fc22c1e6f02c34796a188 (diff) | |
Remove lockdown gnutls buffer hack [#1 state:resolved]
Signed-off-by: Matt Colyer <matt@colyer.name>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lockdown.c | 106 | ||||
| -rw-r--r-- | src/lockdown.h | 2 |
2 files changed, 42 insertions, 66 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index 2d85a03..73a8bbc 100644 --- a/src/lockdown.c +++ b/src/lockdown.c | |||
| @@ -88,7 +88,6 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone) | |||
| 88 | 88 | ||
| 89 | control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t)); | 89 | control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t)); |
| 90 | control->in_SSL = 0; | 90 | control->in_SSL = 0; |
| 91 | control->gtls_buffer_hack_len = 0; | ||
| 92 | return control; | 91 | return control; |
| 93 | } | 92 | } |
| 94 | 93 | ||
| @@ -179,7 +178,6 @@ static void iphone_lckd_stop_SSL_session(iphone_lckd_client_t client) | |||
| 179 | free(client->ssl_session); | 178 | free(client->ssl_session); |
| 180 | } | 179 | } |
| 181 | client->in_SSL = 0; | 180 | client->in_SSL = 0; |
| 182 | client->gtls_buffer_hack_len = 0; // dunno if required?! | ||
| 183 | 181 | ||
| 184 | return; | 182 | return; |
| 185 | } | 183 | } |
| @@ -459,6 +457,10 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client | |||
| 459 | char *host_id = NULL; | 457 | char *host_id = NULL; |
| 460 | 458 | ||
| 461 | iphone_lckd_client_t client_loc = new_lockdownd_client(device); | 459 | iphone_lckd_client_t client_loc = new_lockdownd_client(device); |
| 460 | if (!client_loc) { | ||
| 461 | log_debug_msg("FATAL: lockdownd client could not be created!\n"); | ||
| 462 | return IPHONE_E_UNKNOWN_ERROR; | ||
| 463 | } | ||
| 462 | if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) { | 464 | if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) { |
| 463 | log_debug_msg("Hello failed in the lockdownd client.\n"); | 465 | log_debug_msg("Hello failed in the lockdownd client.\n"); |
| 464 | ret = IPHONE_E_NOT_ENOUGH_DATA; | 466 | ret = IPHONE_E_NOT_ENOUGH_DATA; |
| @@ -969,77 +971,53 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size | |||
| 969 | ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) | 971 | ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) |
| 970 | { | 972 | { |
| 971 | int bytes = 0, pos_start_fill = 0; | 973 | int bytes = 0, pos_start_fill = 0; |
| 972 | char *hackhackhack = NULL; | 974 | int tbytes = 0; |
| 975 | int this_len = length; | ||
| 976 | iphone_error_t res; | ||
| 973 | iphone_lckd_client_t control; | 977 | iphone_lckd_client_t control; |
| 974 | control = (iphone_lckd_client_t) transport; | 978 | control = (iphone_lckd_client_t) transport; |
| 979 | char *recv_buffer; | ||
| 980 | |||
| 975 | log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length); | 981 | log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length); |
| 976 | // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more. | ||
| 977 | if (control->gtls_buffer_hack_len > 0) { | ||
| 978 | if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got | ||
| 979 | length -= control->gtls_buffer_hack_len; // Subtract what we have from their requested length | ||
| 980 | pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at | ||
| 981 | memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially | ||
| 982 | free(control->gtls_buffer_hack); // free our memory, it's not chained anymore | ||
| 983 | control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore | ||
| 984 | log_debug_msg("Did a partial fill to help quench thirst for data\n"); | ||
| 985 | } else if (length < control->gtls_buffer_hack_len) { // If it's asking for less... | ||
| 986 | control->gtls_buffer_hack_len -= length; // subtract what they're asking for | ||
| 987 | memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer | ||
| 988 | hackhackhack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len); // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer. | ||
| 989 | memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len); // Move what's left into the new one | ||
| 990 | free(control->gtls_buffer_hack); // Free the old one | ||
| 991 | control->gtls_buffer_hack = hackhackhack; // And make it the new one. | ||
| 992 | hackhackhack = NULL; | ||
| 993 | log_debug_msg("Quenched the thirst for data; new hack length is %i\n", control->gtls_buffer_hack_len); | ||
| 994 | return length; // hand it over. | ||
| 995 | } else { // length == hack length | ||
| 996 | memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs | ||
| 997 | free(control->gtls_buffer_hack); // free our "obligation" | ||
| 998 | control->gtls_buffer_hack_len = 0; // free our "obligation" | ||
| 999 | log_debug_msg("Satiated the thirst for data; now we have to eventually receive again.\n"); | ||
| 1000 | return length; // hand it over | ||
| 1001 | } | ||
| 1002 | } | ||
| 1003 | // End buffering hack! | ||
| 1004 | char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens | ||
| 1005 | 982 | ||
| 1006 | log_debug_msg("pre-read\nclient wants %zi bytes\n", length); | 983 | log_debug_msg("pre-read\nclient wants %zi bytes\n", length); |
| 1007 | iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes); | 984 | |
| 1008 | log_debug_msg("post-read\nwe got %i bytes\n", bytes); | 985 | recv_buffer = (char *) malloc(sizeof(char) * this_len); |
| 1009 | if (bytes < 0) { | 986 | |
| 1010 | log_debug_msg("lockdownd_securead(): uh oh\n"); | 987 | // repeat until we have the full data or an error occurs. |
| 1011 | log_debug_msg | 988 | do { |
| 1012 | ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", | 989 | if ((res = iphone_mux_recv(control->connection, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) { |
| 1013 | usb_strerror(), strerror(errno)); | 990 | log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res); |
| 1014 | return bytes + 28; // an errno | 991 | return res; |
| 1015 | } | 992 | } |
| 1016 | if (bytes >= length) { | 993 | log_debug_msg("post-read\nwe got %i bytes\n", bytes); |
| 1017 | if (bytes > length) { | 994 | |
| 995 | if (bytes < 0) { | ||
| 996 | log_debug_msg("lockdownd_securead(): uh oh\n"); | ||
| 1018 | log_debug_msg | 997 | log_debug_msg |
| 1019 | ("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n"); | 998 | ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", |
| 1020 | if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet | 999 | usb_strerror(), strerror(errno)); |
| 1021 | //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution! | 1000 | return bytes; // + 28; // an errno |
| 1022 | control->gtls_buffer_hack_len += bytes - length; | ||
| 1023 | control->gtls_buffer_hack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len); | ||
| 1024 | memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len); | ||
| 1025 | } else { // if there is. | ||
| 1026 | control->gtls_buffer_hack = | ||
| 1027 | realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length)); | ||
| 1028 | memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length); | ||
| 1029 | control->gtls_buffer_hack_len += bytes - length; | ||
| 1030 | } | ||
| 1031 | } | 1001 | } |
| 1032 | memcpy(buffer + pos_start_fill, recv_buffer, length); | 1002 | // increase read count |
| 1033 | free(recv_buffer); | 1003 | tbytes += bytes; |
| 1034 | if (bytes == length) { | 1004 | |
| 1035 | log_debug_msg("Returning how much we received.\n"); | 1005 | // fill the buffer with what we got right now |
| 1036 | return bytes; | 1006 | memcpy(buffer + pos_start_fill, recv_buffer, bytes); |
| 1037 | } else { | 1007 | pos_start_fill += bytes; |
| 1038 | log_debug_msg("Returning what they want to hear.\nHack length: %i\n", control->gtls_buffer_hack_len); | 1008 | |
| 1039 | return length; | 1009 | if (tbytes >= length) { |
| 1010 | break; | ||
| 1040 | } | 1011 | } |
| 1012 | |||
| 1013 | this_len = length - tbytes; | ||
| 1014 | log_debug_msg("re-read\ntrying to read missing %i bytes\n", this_len); | ||
| 1015 | } while (tbytes < length); | ||
| 1016 | if (recv_buffer) { | ||
| 1017 | free(recv_buffer); | ||
| 1041 | } | 1018 | } |
| 1042 | return bytes; | 1019 | |
| 1020 | return tbytes; | ||
| 1043 | } | 1021 | } |
| 1044 | 1022 | ||
| 1045 | /** Command to start the desired service | 1023 | /** Command to start the desired service |
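Review bot: Both early returns in the new do/while loop of lockdownd_securead (`return res;` and `return bytes;`) skip `free(recv_buffer)`, and the `malloc` result is passed to iphone_mux_recv without a NULL check, so every transport error leaks the scratch buffer and an allocation failure is dereferenced. `memcpy(buffer + pos_start_fill, recv_buffer, bytes)` also trusts that iphone_mux_recv never reports more than `this_len` bytes; that function is outside this diff, so a bound check before the copy is cheap insurance against writing past the caller's buffer. If iphone_mux_recv can return success with zero bytes, the loop never terminates. As a GnuTLS pull callback the function should report failure as -1; returning `res` is only safe if every iphone_error_t value is negative, which is not visible here. The scratch buffer is not needed at all: receiving straight into `buffer + tbytes` removes the allocation, the copy and both leaks, as sketched below.

```c
ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)
{
	size_t tbytes = 0;
	int bytes = 0;
	iphone_error_t res;
	iphone_lckd_client_t control = (iphone_lckd_client_t) transport;

	/* … unchanged: entry and pre-read log_debug_msg calls … */

	// receive directly into the caller's buffer; nothing to allocate or leak
	while (tbytes < length) {
		res = iphone_mux_recv(control->connection, buffer + tbytes, length - tbytes, &bytes);
		if (res != IPHONE_E_SUCCESS || bytes < 0 || (size_t) bytes > length - tbytes) {
			log_debug_msg("%s: ERROR: iphone_mux_recv returned %d (%i bytes)\n", __func__, res, bytes);
			return -1;	// GnuTLS pull callbacks signal failure with -1
		}
		if (bytes == 0) {
			break;	// no progress: hand back what we have instead of spinning
		}
		tbytes += (size_t) bytes;
	}

	return (ssize_t) tbytes;
}
```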
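--- a/src/lockdown.h
+++ b/src/lockdown.h
@@ -36,8 +36,6 @@ struct iphone_lckd_client_int {
 iphone_umux_client_t connection;
 gnutls_session_t *ssl_session;
 int in_SSL;
-char *gtls_buffer_hack;
-int gtls_buffer_hack_len;
 char session_id[40];
 };
 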
