summaryrefslogtreecommitdiffstats
path: root/src/idevice.c
AgeCommit message (Collapse)AuthorFilesLines
2017-08-13lockdown: Don't explicitly validate pairing unless we're dealing with an ↵Gravatar Nikias Bassen1-0/+1
older device On newer iOS version, ValidatePair is not mandatory to gain trusted host status. Starting with iOS 11, the ValidatePair request has been removed from lockdownd and will throw an error. This commit adds a version check so that ValidatePair is only called on devices prior iOS 7.
2017-04-27gnutls: check for interrupted gnutls_handshake()Gravatar Nikos Mavrogiannopoulos1-3/+10
That is, recover if gnutls_handshake() returns with non fatal error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
2017-04-26 #ifdef out code which is a no-op with OpenSSL 1.1.0Gravatar Christophe Fergeau1-0/+6
CRYPTO_set_id_callback CRYPTO_set_locking_callback EVP_cleanup CRYPTO_cleanup_all_ex_data SSL_COMP_free_compression_methods are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the corresponding code. This cleans up some warnings about id_function/locking_function being defined but unused (as the calls to CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at preprocessing time). Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Don't use ERR_remove_thread_state() with OpenSSL 1.1.0Gravatar Christophe Fergeau1-14/+16
It's deprecated and causes compile-time warnings. We don't want to fallback to ERR_remove_state() either as it's similarly deprecated. This commit adds a helper functions to hide the #ifdef mess between the various openssl versions. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Avoid double free with OpenSSL 1.1.0Gravatar Christophe Fergeau1-1/+9
Since commit OpenSSL_1_1_0-pre3~178 https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f OpenSSL automatically cleans up some of its internal data when the program exits. This conflicts with some similar clean up libimobiledevice attempts to do, which causes a double-free. SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, and is still there in 1.1.0 as a no-op, so we can use that to free the compression methods. This bug can be hit with a simple idevicebackup2 --help ==14299== Invalid read of size 4 ==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) ==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) ==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) ==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) ==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd ==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) ==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) ==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x4E5663A: thread_once (thread.c:104) ==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Block was alloc'd at ==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) ==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) ==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) ==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) ==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) ==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) ==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) ==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) ==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) ==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) = Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-08Propagate lower level errors to callers instead of returning unknownGravatar BALATON Zoltan1-2/+2
error for most failures
2016-08-02idevice: Update GnuTLS code to support iOS 10Gravatar Jay Freeman (saurik)1-1/+1
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
2016-06-16Fix SSL version negotiation for newer versions of OpenSSLGravatar David Weinstein1-1/+1
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` would return NULL on some systems and also `SSLv23_method()` fails with some older iOS versions...
2016-06-16Revert "Fix SSL version negotiation with newer versions of OpenSSL"Gravatar Nikias Bassen1-1/+1
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093. The change had the negative effect that connecting to older iOS devices wouldn't work anymore.
2016-06-15Fix SSL version negotiation with newer versions of OpenSSLGravatar Nikias Bassen1-1/+1
2016-04-29Updated gnutls certificate callback to new API (backwards compatible)Gravatar Nikos Mavrogiannopoulos1-0/+13
2016-04-01Add new function to get the underlying file descriptor of an idevice connectionGravatar BALATON Zoltan1-0/+16
2015-10-21Fix installation_proxy when using GnuTLS instead of OpenSSLGravatar Jay Freeman (saurik)1-4/+4
2015-10-06Add missing "(void)" to functions to match public headersGravatar Martin Szulecki1-1/+1
2015-01-28Remove trailing whitespace errors from all filesGravatar Martin Szulecki1-5/+5
2015-01-27idevice: Rename generic errorstring() into ssl_error_to_string()Gravatar Martin Szulecki1-2/+2
2014-10-27debug: Fix linking failure on OS X by keeping debug level symbol internalGravatar Martin Szulecki1-1/+1
This change keeps the debug level symbol within the internal convenience library and makes it accessible using an internal helper. This fixes linking, prevents new exported symbols and finally allows proper control of enabling debug messages.
2014-10-26debug: Fix symbol locality for linker so debug messages are printed againGravatar Martin Szulecki1-0/+6
2014-10-07idevice: Fix compilation with OpenSSL before 1.0.0-beta1Gravatar Martin Szulecki1-0/+12
2014-10-03Avoid exporting non-public symbolsGravatar Martin Szulecki1-16/+15
2014-10-01idevice: Fix several memory leaks on deinitialization of OpenSSLGravatar Martin Szulecki1-8/+16
2014-06-05idevice: win32: Use correct signature for DllMain()Gravatar Nikias Bassen1-2/+1
2014-03-27Moved Doxygen comments from source files to public headers.Gravatar Aaron Burghardt1-132/+0
Conflicts: include/libimobiledevice/afc.h
2014-03-24win32: Silence compiler warning about missing previous declaration of DllMainGravatar Nikias Bassen1-0/+5
2014-03-22Update copyright in various filesGravatar Martin Szulecki1-1/+2
2014-03-21implement global thread safe library initializationGravatar Nikias Bassen1-9/+80
2014-03-21idevice: Use more common "ERROR:" syntax for error messagesGravatar Martin Szulecki1-2/+2
2014-03-21idevice: Fix misleading warning in GnuTLS SSL handshakeGravatar Martin Szulecki1-2/+2
2014-03-21idevice: Plug memory leak by freeing pair_recordGravatar Martin Szulecki1-0/+6
2014-03-21idevice: Use correct import helper for keys and certsGravatar Martin Szulecki1-3/+3
2014-03-21Refactor pair record handling to use new usbmuxd pair record interfaceGravatar Martin Szulecki1-13/+18
This refactoring is mandatory as libimobiledevice should not interact with the pair record configuration directory which is owned by the usbmuxd user. This change also adds compatibility for the native usbmuxd and thus pair records saved by iTunes.
2014-03-13idevice: call SSL_shutdown a second time if requiredGravatar Nikias Bassen1-1/+4
This will fix that: lockdownd[25] <Notice>: 00484000 _receive_message: Could not receive size of message, expected 4 bytes, got -1 bytes: (54, Connection reset by peer)
2014-01-09idevice: free ssl object when SSL handshake failsGravatar Nikias Bassen1-0/+1
2014-01-09idevice: don't free ssl bio after SSL_set_bio has been calledGravatar Nikias Bassen1-2/+0
2013-11-30Fix possible memory corruption by ensuring client pointers NULL'd after freeGravatar Martin Szulecki1-0/+2
2013-11-20idevice: properly handle partial SSL_read()sGravatar Nikias Bassen1-1/+9
2013-11-04Convert stray spaces to corresponding tabsGravatar Martin Szulecki1-24/+24
2013-10-09Remove duplicate newline from debug messages as one is added automaticallyGravatar Martin Szulecki1-1/+1
2013-09-17Fix broken build of GnuTLS and silence two compiler warningsGravatar Martin Szulecki1-1/+1
2013-09-17Refactor userpref logic to use plist format and implement trust dialog handlingGravatar Martin Szulecki1-1/+1
iOS 7 introduced a new pairing workflow which increases security by showing a trust dialog to the user before pairing with the host is allowed. The userpref system was refactored to use the native plist format, too. Configuration files of the native implementations are used on each platform. Former configuration files are no longer in use and can be deleted.
2013-09-17idevice: Add udid attribute to idevice_connection_t for referencing devicesGravatar Martin Szulecki1-0/+6
2013-04-25common: Move debug and userpref code into libinternalcommonGravatar Martin Szulecki1-2/+2
2012-11-29idevice: use 'dev' instead of 'phone' as variable nameGravatar Nikias Bassen1-5/+5
2012-04-18idevice: fix openssl initialization and handle error to avoid crashGravatar Nikias Bassen1-4/+11
2012-04-08idevice: Bump libusbmuxd dependency to 1.0.8 and adopt idevice.c to API changesGravatar Martin Szulecki1-4/+4
2012-03-22Mass replace UUID by UDID, which is the correct term for itGravatar Martin Szulecki1-13/+13
2012-03-19Add OpenSSL supportGravatar Nikias Bassen1-1/+154
2012-01-12idevice: add error checking to internal_ssl_write()Gravatar Geoff Paul1-1/+5
Returning 0 bytes sent upon error causes an infinite loop within the calling gnutls code. Returning -1 as an error code allows gnutls to properly detect and recover.
2011-10-19Fix memory leak in idevice_device_list_freeGravatar Peter Hoepfner1-1/+2
2011-04-30Remove deprecated gnutls_*_set_priority() and use gnutls_priority_set_direct()Gravatar Martin Szulecki1-13/+1
This change requires gnutls >= 2.2.0 for the latter to be available. With deprecation starts with gnutls 2.12.0.