Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
older device
On newer iOS version, ValidatePair is not mandatory to gain trusted host
status. Starting with iOS 11, the ValidatePair request has been removed from
lockdownd and will throw an error. This commit adds a version check so that
ValidatePair is only called on devices prior iOS 7.
|
|
That is, recover if gnutls_handshake() returns with non fatal
error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
|
|
CRYPTO_set_id_callback
CRYPTO_set_locking_callback
EVP_cleanup
CRYPTO_cleanup_all_ex_data
SSL_COMP_free_compression_methods
are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the
corresponding code. This cleans up some warnings about
id_function/locking_function being defined but unused (as the calls to
CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at
preprocessing time).
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
It's deprecated and causes compile-time warnings. We don't want to
fallback to ERR_remove_state() either as it's similarly deprecated.
This commit adds a helper functions to hide the #ifdef mess between
the various openssl versions.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Since commit OpenSSL_1_1_0-pre3~178
https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
OpenSSL automatically cleans up some of its internal data when the
program exits. This conflicts with some similar clean up
libimobiledevice attempts to do, which causes a double-free.
SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2,
and is still there in 1.1.0 as a no-op, so we can use that to free
the compression methods.
This bug can be hit with a simple idevicebackup2 --help
==14299== Invalid read of size 4
==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182)
==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402)
==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd
==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530)
==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x4E5663A: thread_once (thread.c:104)
==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
==14299== by 0x5DC2E19: exit (exit.c:105)
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
==14299== Block was alloc'd at
==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100)
==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
==14299== by 0x4E43416: internal_idevice_init (idevice.c:73)
=
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
error for most failures
|
|
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
|
|
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()`
would return NULL on some systems and also `SSLv23_method()` fails with some older
iOS versions...
|
|
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093.
The change had the negative effect that connecting to older iOS devices wouldn't work anymore.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change keeps the debug level symbol within the internal convenience
library and makes it accessible using an internal helper. This fixes
linking, prevents new exported symbols and finally allows proper control
of enabling debug messages.
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
include/libimobiledevice/afc.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This refactoring is mandatory as libimobiledevice should not interact with
the pair record configuration directory which is owned by the usbmuxd user.
This change also adds compatibility for the native usbmuxd and thus pair
records saved by iTunes.
|
|
This will fix that:
lockdownd[25] <Notice>: 00484000 _receive_message: Could not receive size of message, expected 4 bytes, got -1 bytes: (54, Connection reset by peer)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
iOS 7 introduced a new pairing workflow which increases security by showing a
trust dialog to the user before pairing with the host is allowed.
The userpref system was refactored to use the native plist format, too.
Configuration files of the native implementations are used on each platform.
Former configuration files are no longer in use and can be deleted.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Returning 0 bytes sent upon error causes an infinite loop
within the calling gnutls code. Returning -1 as an error
code allows gnutls to properly detect and recover.
|