2017-04-26  Avoid double free with OpenSSL 1.1.0
            Christophe Fergeau, 1 file, -1/+9

    Since commit OpenSSL_1_1_0-pre3~178
    https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
    OpenSSL automatically cleans up some of its internal data when the program
    exits. This conflicts with some similar clean up libimobiledevice attempts
    to do, which causes a double-free.

    SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, and is
    still there in 1.1.0 as a no-op, so we can use that to free the compression
    methods.

    This bug can be hit with a simple idevicebackup2 --help

    ==14299== Invalid read of size 4
    ==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
    ==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182)
    ==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402)
    ==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
    ==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
    ==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
    ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
    ==14299== by 0x5DC2E19: exit (exit.c:105)
    ==14299== by 0x5DA8604: (below main) (libc-start.c:329)
    ==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd
    ==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530)
    ==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
    ==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
    ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
    ==14299== by 0x4E5663A: thread_once (thread.c:104)
    ==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
    ==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
    ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
    ==14299== by 0x5DC2E19: exit (exit.c:105)
    ==14299== by 0x5DA8604: (below main) (libc-start.c:329)
    ==14299== Block was alloc'd at
    ==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
    ==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100)
    ==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
    ==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
    ==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
    ==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
    ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
    ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
    ==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
    ==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
    ==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
    ==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
    ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
    ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
    ==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
    ==14299== by 0x4E43416: internal_idevice_init (idevice.c:73)

    Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-08  Fix parameter check of instproxy_check_capabilities_match()
            BALATON Zoltan, 1 file, -1/+1

    The capabilities parameter is a string array not a plist. Also check
    other parameters when we are at it.

2017-04-08  Define htobe16 if not defined
            BALATON Zoltan, 1 file, -0/+4

2017-04-08  Added IDEVICE_DEVICE_PAIRED event constant matching the corresponding event number in libusbmuxd
            BALATON Zoltan, 1 file, -1/+2

2017-04-08  Propagate lower level errors to callers instead of returning unknown error for most failures
            BALATON Zoltan, 4 files, -40/+46

2017-01-18  property_list_service: Remove packet length check when receiving plist data
            Antoine Reversat, 1 file, -46/+43

    There are services that would send really large plist data, e.g. when
    listing provisioning profiles. Instead of forcing the data to be less
    than 16MB we try to allocate a buffer as large as requested. If the
    allocation fails the function returns with an error.

2017-01-04  ideviceprovision: Silence compiler warning (missing parenthesis)
            Nikias Bassen, 1 file, -1/+1

2016-12-31  Add ax_pthread.m4 for proper pthread cflags/ldflags
            Nikias Bassen, 3 files, -12/+495

2016-12-22  ideviceprovision: Fix ASN1 parsing for large provisioning profiles
            Nikias Bassen, 1 file, -12/+35

2016-12-21  cython: Make sure to pass correct CFLAGS for libplist
            Nikias Bassen, 1 file, -1/+1

2016-12-15  idevicebackup2: Fix logical bug when checking for success of backup operation
            Nikias Bassen, 1 file, -1/+1

    The condition in line 2278 is incorrectly evaluated when
    mb2_status_check_snapshot_state() isn't able to read the Status.plist
    file. While `if (-1) { ... }` will be a 'false' condition,
    `if (1 && -1) { ... }` will be 'true' which in this case would make
    idevicebackup2 assume the backup was successful while it was not.
    This commit fixes this issue by changing the default return value of
    mb2_status_check_snapshot_state() to be 0 (false).
    Thanks to Xiao Deng for pointing out this issue!

2016-12-15  ideviceprovision: Add new remove-all command to remove all installed profiles at once
            Nikias Bassen, 1 file, -4/+61

2016-12-01  ideviceprovision: Allow copying single profiles instead of all
            Nikias Bassen, 1 file, -6/+32

2016-12-01  ideviceprovision: Check output directory parameter for 'copy' command and return exit code on error
            Nikias Bassen, 1 file, -9/+13

2016-12-01  ideviceprovision: Use newer API to get list of profiles on iOS 9.3+
            Nikias Bassen, 1 file, -2/+30

2016-12-01  misagent: Add new misagent_copy_all() function (introduced in iOS 9.3)
            Nikias Bassen, 2 files, -1/+63

2016-11-27  idevicebackup2: Plug some small memory leaks
            Nikias Bassen, 1 file, -8/+8
2016-11-04  userpref: [GnuTLS] Fix pairing record generation and improve error handling
            Nikias Bassen, 1 file, -40/+45

    In newer GnuTLS versions the parameters supplied to
    gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat
    sane values. Since we were passing the same values for all parameters,
    this check fails and the device certificate is never generated. However
    due to missing checks the pairing record was saved anyway, with an empty
    device certificate. This led to TLS errors during communication, leading
    to the "GnuTLS: Error in pull function" error message appearing and the
    communication to fail. This commit fixes the issue by passing some sane
    values, and also improves the overall error handling during generation
    of the pairing record.
2016-11-02  idevicebackup2: Fix heap buffer out-of-bounds write caused by wrong buffer size
            Nikias Bassen, 1 file, -1/+1

2016-10-21  idevicebackup2: Don't report an error when file to remove doesn't exist
            Nikias Bassen, 1 file, -1/+1

2016-10-21  idevicebackup2: Use remove_file() wrapper instead of remove()
            Nikias Bassen, 1 file, -3/+3

2016-10-05  idevicebackup2: Suppress repeated printing of global status when 100% is reached
            Nikias Bassen, 1 file, -1/+5
2016-10-04  idevicebackup2: Fix assertion occurring when copying non-present MEID
            Nikias Bassen, 1 file, -1/+2
2016-09-23  idevicebackup2: Add installed application info to Info.plist during backup
            Nikias Bassen, 1 file, -5/+110

    For newer iOS versions, apparently >= iOS 8, iTunes stores information
    about installed applications inside of the Info.plist file. This commit
    mimics that behavior.

2016-09-18  win32: Fix MinGW build by adding -lgdi32 to properly link against OpenSSL
            Nikias Bassen, 1 file, -1/+1

2016-09-18  idevicebackup2: Fix build on win32 after last commit
            Nikias Bassen, 1 file, -14/+14

2016-09-18  idevicebackup2: Fix removal of Snapshot dir during backup with iOS 10+
            Nikias Bassen, 1 file, -23/+78

    DLMessageRemoveItems needs to recursively remove directories and this
    commit implements that.

2016-08-09  lockdown: return LOCKDOWN_E_INVALID_HOST_ID when missing pair record
            Jay Freeman (saurik), 1 file, -1/+1

    When the check of /var/db/lockdown was removed, lockdownd_do_pair
    started to always return LOCKDOWN_E_INVALID_CONF instead of usually
    (but not always...) returning LOCKDOWN_E_INVALID_HOST_ID for devices
    not currently paired. This change not only breaks some third-party
    code, but also breaks the other code in this library calling this
    function (lockdownd_client_new_with_handshake).

2016-08-02  idevice: Update GnuTLS code to support iOS 10
            Jay Freeman (saurik), 1 file, -1/+1

    As of iOS 10 beta 4, the GnuTLS implementation of
    idevice_connection_enable_ssl needs to be updated to support TLS.
    Using +VERS-TLS-ALL did not work on some of the devices I tested and I
    wasn't sure how to fix it, but +VERS-TLS1.0 is working on every device
    I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.

2016-07-27  userpref: Remove obsoleted function userpref_has_pair_record()
            Jay Freeman (saurik), 1 file, -29/+0

    Since pair records are meanwhile handled by usbmuxd there is no need to
    check for the existence of a pair record on disk. Asking usbmuxd for a
    pair record of a given UDID is sufficient to know if it exists or not.

2016-07-27  lockdown: remove unnecessary check for pair record file during pairing
            Jay Freeman (saurik), 1 file, -7/+3

    During device pairing the code in lockdownd_do_pair() is checking if
    there is a pair record on disk for the current device, and then
    requests it from usbmuxd. This additional check is not only unnecessary
    since usbmuxd can obviously only return a pair record if it exists, but
    is also causing issues on newer versions of macOS where /var/db/lockdown
    is mode 700.

2016-06-16  Fix SSL version negotiation for newer versions of OpenSSL
            David Weinstein, 1 file, -1/+1

    Depending on the OpenSSL version (and custom distribution patches),
    `SSLv3_method()` would return NULL on some systems and also
    `SSLv23_method()` fails with some older iOS versions...

2016-06-16  Revert "Fix SSL version negotiation with newer versions of OpenSSL"
            Nikias Bassen, 1 file, -1/+1

    This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093.
    The change had the negative effect that connecting to older iOS devices
    wouldn't work anymore.

2016-06-15  Fix SSL version negotiation with newer versions of OpenSSL
            Nikias Bassen, 1 file, -1/+1

2016-04-29  Updated gnutls certificate callback to new API (backwards compatible)
            Nikos Mavrogiannopoulos, 1 file, -0/+13

2016-04-29  configure.ac: Only check for pthread support on non-win32 platforms
            Arty Gus, 1 file, -1/+4

2016-04-29  Updated .gitignore
            Nikias Bassen, 1 file, -7/+2

2016-04-29  configure.ac: Don't always explicitly disable openssl
            Kylie McClain, 1 file, -1/+1

2016-04-29  file_relay: Plug small memory leak
            Xiao Deng, 1 file, -0/+1

2016-04-29  diagnostics_relay: Plug small memory leak
            Xiao Deng, 1 file, -0/+1

2016-04-29  idevicedebug: Show error if container info not found
            Matthias Ringwald, 1 file, -10/+8

2016-04-01  Add new function to get the underlying file descriptor of an idevice connection
            BALATON Zoltan, 2 files, -0/+26

2016-04-01  Avoid potential NULL pointer dereference (leading to segfault) if functions are called with NULL arguments
            BALATON Zoltan, 2 files, -6/+10

2016-04-01  idevicebackup: fix some timestamps that are relative to the Mac epoch instead of Unix one
            BALATON Zoltan, 3 files, -5/+8

2015-12-29  common: [security fix] Make sure sockets only listen locally
            Joshua Hill, 1 file, -2/+2

2015-12-22  tools: idevicecrashreport: Fix missing 0-term when creating local filename
            Nikias Bassen, 1 file, -1/+3

    When a .synced file is encountered, the .synced should be stripped off
    the local filename. However the strncpy doesn't 0-terminate the string
    by itself so the output filename usually contains some garbage
    characters at the end. This commit properly 0-terminates the local
    filename to avoid this.
2015-12-18  tools: idevicecrashreport: Properly initialize buffer used to check for ping message
            Nikias Bassen, 1 file, -0/+1
2015-12-18  tools: Fix inverted abort condition in idevicecrashreport
            Nikias Bassen, 1 file, -1/+1

    This bug caused it to never wait for the 'ping' message from the
    crashreportmover service

2015-10-21  Fix installation_proxy when using GnuTLS instead of OpenSSL
            Jay Freeman (saurik), 1 file, -4/+4

2015-10-09  common: Add missing gnutls/openssl CFLAGS to Makefile.am
            Nikias Bassen, 1 file, -1/+1