diff options
| author |  Andreas Henriksson | 2014-05-05 11:36:29 +0200 |
|---|---|---|
| committer | Andreas Henriksson | 2014-05-05 11:36:29 +0200 |
| commit | 7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9 (patch) | |
| tree | e51b552fc97a866e2664416635442f3a3000ec25 /src | |
| parent | 58a7981be35289750a61cab56deb6effae2db7ce (diff) | |
| download | libimobiledevice-7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9.tar.gz libimobiledevice-7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9.tar.bz2 | |
lockdown: avoid crashing when getting system buid fails
When userpref_read_system_buid fails to retrieve the buid,
systembuid will be set to NULL. It was then unconditionally passed
to plist_new_string - which will crash with a NULL argument.
See https://bugs.debian.org/730756 for people reporting this
happening in the real world.
See https://github.com/libimobiledevice/libimobiledevice/commit/1331f6baa1799e41003aa812c0d1bf36193535ea
("lockdown: Make sure to set SystemBUID in generated pair records")
for the commit where this problem was introduced.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lockdown.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index cf03e0f..b96ddc6 100644 --- a/src/lockdown.c +++ b/src/lockdown.c | |||
| @@ -743,8 +743,9 @@ static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t | |||
| 743 | } | 743 | } |
| 744 | 744 | ||
| 745 | /* set SystemBUID */ | 745 | /* set SystemBUID */ |
| 746 | userpref_read_system_buid(&system_buid); | 746 | if (userpref_read_system_buid(&system_buid)) { |
| 747 | plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); | 747 | plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); |
| 748 | } | ||
| 748 | 749 | ||
| 749 | /* set HostID */ | 750 | /* set HostID */ |
| 750 | host_id = generate_uuid(); | 751 | host_id = generate_uuid(); |