1 files changed, 46 insertions, 70 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index 2f48dfd..63f9090 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -62,7 +62,6 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone)
        control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));
        control->in_SSL = 0;
-        control->gtls_buffer_hack_len = 0;
        return control;
 }
@@ -152,7 +151,6 @@ static void iphone_lckd_stop_SSL_session(iphone_lckd_client_t client)
                free(client->ssl_session);
        }
        client->in_SSL = 0;
-        client->gtls_buffer_hack_len = 0;       // dunno if required?!
        return;
 }
@@ -467,6 +465,10 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client
        char *host_id = NULL;
        iphone_lckd_client_t client_loc = new_lockdownd_client(device);
+        if (!client_loc) {
+                log_debug_msg("FATAL: lockdownd client could not be created!\n");
+                return IPHONE_E_UNKNOWN_ERROR;
+        }
        if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {
                log_debug_msg("Hello failed in the lockdownd client.\n");
                ret = IPHONE_E_NOT_ENOUGH_DATA;
@@ -801,7 +803,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t
 iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)
 {
        plist_t dict = NULL;
-        uint32_t  return_me = 0;
+        uint32_t return_me = 0;
        iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
        control->session_id[0] = '\0';
@@ -956,79 +958,53 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
 ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)
 {
        int bytes = 0, pos_start_fill = 0;
-        char *hackhackhack = NULL;
+        int tbytes = 0;
+        int this_len = length;
+        iphone_error_t res;
        iphone_lckd_client_t control;
        control = (iphone_lckd_client_t) transport;
-        log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead() called\nlength = %zi\n", length);
+        char *recv_buffer;
-        // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more.
-        if (control->gtls_buffer_hack_len > 0) {
+        log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length);
-                if (length > control->gtls_buffer_hack_len) {   // If it's asking for more than we got
-                        length -= control->gtls_buffer_hack_len;        // Subtract what we have from their requested length
+        log_debug_msg("pre-read\nclient wants %zi bytes\n", length);
-                        pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at
-                        memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len);       // Fill their buffer partially
+        recv_buffer = (char *) malloc(sizeof(char) * this_len);
-                        free(control->gtls_buffer_hack);        // free our memory, it's not chained anymore
-                        control->gtls_buffer_hack_len = 0;      // we don't have a hack buffer anymore
+        // repeat until we have the full data or an error occurs.
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Did a partial fill to help quench thirst for data\n");
+        do {
-                } else if (length < control->gtls_buffer_hack_len) {    // If it's asking for less...
+                if ((res = iphone_mux_recv(control->connection, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) {
-                        control->gtls_buffer_hack_len -= length;        // subtract what they're asking for
+                        log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res);
-                        memcpy(buffer, control->gtls_buffer_hack, length);      // fill their buffer
+                        return res;
-                        hackhackhack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len);   // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer.
-                        memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len);        // Move what's left into the new one
-                        free(control->gtls_buffer_hack);        // Free the old one
-                        control->gtls_buffer_hack = hackhackhack;       // And make it the new one.
-                        hackhackhack = NULL;
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Quenched the thirst for data; new hack length is %i\n",
-                                                control->gtls_buffer_hack_len);
-                        return length;          // hand it over.
-                } else {                                // length == hack length
-                        memcpy(buffer, control->gtls_buffer_hack, length);      // copy our buffer into theirs
-                        free(control->gtls_buffer_hack);        // free our "obligation"
-                        control->gtls_buffer_hack_len = 0;      // free our "obligation"
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Satiated the thirst for data; now we have to eventually receive again.\n");
-                        return length;          // hand it over
                }
-        }
+                log_debug_msg("post-read\nwe got %i bytes\n", bytes);
-        // End buffering hack!
-        char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000));    // ensuring nothing stupid happens
+                if (bytes < 0) {
+                        log_debug_msg("lockdownd_securead(): uh oh\n");
-        log_dbg_msg(DBGMASK_LOCKDOWND, "pre-read\nclient wants %zi bytes\n", length);
+                        log_debug_msg
-        iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes);
+                                ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
-        log_dbg_msg(DBGMASK_LOCKDOWND, "post-read\nwe got %i bytes\n", bytes);
+                                 usb_strerror(), strerror(errno));
-        if (bytes < 0) {
+                        return bytes;           // + 28;      // an errno
-                log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead(): uh oh\n");
-                log_dbg_msg(DBGMASK_LOCKDOWND,
-                                        "I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
-                                        usb_strerror(), strerror(errno));
-                return bytes + 28;              // an errno
-        }
-        if (bytes >= length) {
-                if (bytes > length) {
-                        log_dbg_msg(DBGMASK_LOCKDOWND,
-                                                "lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
-                        if (!control->gtls_buffer_hack_len) {   // if there's no hack buffer yet
-                                //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution!
-                                control->gtls_buffer_hack_len += bytes - length;
-                                control->gtls_buffer_hack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len);
-                                memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len);
-                        } else {                        // if there is. 
-                                control->gtls_buffer_hack =
-                                        realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length));
-                                memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length);
-                                control->gtls_buffer_hack_len += bytes - length;
-                        }
                }
-                memcpy(buffer + pos_start_fill, recv_buffer, length);
+                // increase read count
-                free(recv_buffer);
+                tbytes += bytes;
-                if (bytes == length) {
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Returning how much we received.\n");
+                // fill the buffer with what we got right now
-                        return bytes;
+                memcpy(buffer + pos_start_fill, recv_buffer, bytes);
-                } else {
+                pos_start_fill += bytes;
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Returning what they want to hear.\nHack length: %i\n",
-                                                control->gtls_buffer_hack_len);
+                if (tbytes >= length) {
-                        return length;
+                        break;
                }
+                this_len = length - tbytes;
+                log_debug_msg("re-read\ntrying to read missing %i bytes\n", this_len);
+        } while (tbytes < length);
+        if (recv_buffer) {
+                free(recv_buffer);
        }
-        return bytes;
+        return tbytes;
 }
 /** Command to start the desired service

diff --git a/src/lockdown.c b/src/lockdown.c index 2f48dfd..63f9090 100644 --- a/src/lockdown.c +++ b/src/lockdown.c
@@ -62,7 +62,6 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone)
62		62
63	control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));	63	control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));
64	control->in_SSL = 0;	64	control->in_SSL = 0;
65	control->gtls_buffer_hack_len = 0;
66	return control;	65	return control;
67	}	66	}
68		67
@@ -152,7 +151,6 @@ static void iphone_lckd_stop_SSL_session(iphone_lckd_client_t client)
152	free(client->ssl_session);	151	free(client->ssl_session);
153	}	152	}
154	client->in_SSL = 0;	153	client->in_SSL = 0;
155	client->gtls_buffer_hack_len = 0; // dunno if required?!
156		154
157	return;	155	return;
158	}	156	}
@@ -467,6 +465,10 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client
467	char *host_id = NULL;	465	char *host_id = NULL;
468		466
469	iphone_lckd_client_t client_loc = new_lockdownd_client(device);	467	iphone_lckd_client_t client_loc = new_lockdownd_client(device);
		468	if (!client_loc) {
		469	log_debug_msg("FATAL: lockdownd client could not be created!\n");
		470	return IPHONE_E_UNKNOWN_ERROR;
		471	}
470	if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {	472	if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {
471	log_debug_msg("Hello failed in the lockdownd client.\n");	473	log_debug_msg("Hello failed in the lockdownd client.\n");
472	ret = IPHONE_E_NOT_ENOUGH_DATA;	474	ret = IPHONE_E_NOT_ENOUGH_DATA;
@@ -801,7 +803,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t
801	iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)	803	iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)
802	{	804	{
803	plist_t dict = NULL;	805	plist_t dict = NULL;
804	uint32_t return_me = 0;	806	uint32_t return_me = 0;
805		807
806	iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;	808	iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
807	control->session_id[0] = '\0';	809	control->session_id[0] = '\0';
@@ -956,79 +958,53 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
956	ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)	958	ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)
957	{	959	{
958	int bytes = 0, pos_start_fill = 0;	960	int bytes = 0, pos_start_fill = 0;
959	char *hackhackhack = NULL;	961	int tbytes = 0;
		962	int this_len = length;
		963	iphone_error_t res;
960	iphone_lckd_client_t control;	964	iphone_lckd_client_t control;
961	control = (iphone_lckd_client_t) transport;	965	control = (iphone_lckd_client_t) transport;
962	log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead() called\nlength = %zi\n", length);	966	char *recv_buffer;
963	// Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more.	967
964	if (control->gtls_buffer_hack_len > 0) {	968	log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length);
965	if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got	969
966	length -= control->gtls_buffer_hack_len; // Subtract what we have from their requested length	970	log_debug_msg("pre-read\nclient wants %zi bytes\n", length);
967	pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at	971
968	memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially	972	recv_buffer = (char ) malloc(sizeof(char) this_len);
969	free(control->gtls_buffer_hack); // free our memory, it's not chained anymore	973
970	control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore	974	// repeat until we have the full data or an error occurs.
971	log_dbg_msg(DBGMASK_LOCKDOWND, "Did a partial fill to help quench thirst for data\n");	975	do {
972	} else if (length < control->gtls_buffer_hack_len) { // If it's asking for less...	976	if ((res = iphone_mux_recv(control->connection, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) {
973	control->gtls_buffer_hack_len -= length; // subtract what they're asking for	977	log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res);
974	memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer	978	return res;
975	hackhackhack = (char ) malloc(sizeof(char) control->gtls_buffer_hack_len); // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer.
976	memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len); // Move what's left into the new one
977	free(control->gtls_buffer_hack); // Free the old one
978	control->gtls_buffer_hack = hackhackhack; // And make it the new one.
979	hackhackhack = NULL;
980	log_dbg_msg(DBGMASK_LOCKDOWND, "Quenched the thirst for data; new hack length is %i\n",
981	control->gtls_buffer_hack_len);
982	return length; // hand it over.
983	} else { // length == hack length
984	memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs
985	free(control->gtls_buffer_hack); // free our "obligation"
986	control->gtls_buffer_hack_len = 0; // free our "obligation"
987	log_dbg_msg(DBGMASK_LOCKDOWND, "Satiated the thirst for data; now we have to eventually receive again.\n");
988	return length; // hand it over
989	}	979	}
990	}	980	log_debug_msg("post-read\nwe got %i bytes\n", bytes);
991	// End buffering hack!	981
992	char recv_buffer = (char ) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens	982	if (bytes < 0) {
993		983	log_debug_msg("lockdownd_securead(): uh oh\n");
994	log_dbg_msg(DBGMASK_LOCKDOWND, "pre-read\nclient wants %zi bytes\n", length);	984	log_debug_msg
995	iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes);	985	("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
996	log_dbg_msg(DBGMASK_LOCKDOWND, "post-read\nwe got %i bytes\n", bytes);	986	usb_strerror(), strerror(errno));
997	if (bytes < 0) {	987	return bytes; // + 28; // an errno
998	log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead(): uh oh\n");
999	log_dbg_msg(DBGMASK_LOCKDOWND,
1000	"I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
1001	usb_strerror(), strerror(errno));
1002	return bytes + 28; // an errno
1003	}
1004	if (bytes >= length) {
1005	if (bytes > length) {
1006	log_dbg_msg(DBGMASK_LOCKDOWND,
1007	"lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
1008	if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet
1009	//control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution!
1010	control->gtls_buffer_hack_len += bytes - length;
1011	control->gtls_buffer_hack = (char ) malloc(sizeof(char) control->gtls_buffer_hack_len);
1012	memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len);
1013	} else { // if there is.
1014	control->gtls_buffer_hack =
1015	realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length));
1016	memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length);
1017	control->gtls_buffer_hack_len += bytes - length;
1018	}
1019	}	988	}
1020	memcpy(buffer + pos_start_fill, recv_buffer, length);	989	// increase read count
1021	free(recv_buffer);	990	tbytes += bytes;
1022	if (bytes == length) {	991
1023	log_dbg_msg(DBGMASK_LOCKDOWND, "Returning how much we received.\n");	992	// fill the buffer with what we got right now
1024	return bytes;	993	memcpy(buffer + pos_start_fill, recv_buffer, bytes);
1025	} else {	994	pos_start_fill += bytes;
1026	log_dbg_msg(DBGMASK_LOCKDOWND, "Returning what they want to hear.\nHack length: %i\n",	995
1027	control->gtls_buffer_hack_len);	996	if (tbytes >= length) {
1028	return length;	997	break;
1029	}	998	}
		999
		1000	this_len = length - tbytes;
		1001	log_debug_msg("re-read\ntrying to read missing %i bytes\n", this_len);
		1002	} while (tbytes < length);
		1003	if (recv_buffer) {
		1004	free(recv_buffer);
1030	}	1005	}
1031	return bytes;	1006
		1007	return tbytes;
1032	}	1008	}
1033		1009
1034	/** Command to start the desired service	1010	/** Command to start the desired service