summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2019-09-05idevice: Fix handling SSL/TLS version selection for OpenSSL 1.1.0+ and for ↵Gravatar Nikias Bassen3-14/+24
older devices
2019-08-29preboard: Remove development notes from preboard.c and add info to public headerGravatar Nikias Bassen1-63/+0
2019-08-28Add preboardservice_v2 implementationGravatar Nikias Bassen3-0/+353
2019-08-18idevice: [win32] Move windows.h include after socket.h to prevent 'must ↵Gravatar Nikias Bassen1-4/+4
include winsock.h before windows.h'
2019-08-18Force use of TLSv1 for backwards compatibility with older iOS versionsGravatar Nikias Bassen1-1/+13
2019-07-19installation_proxy: Terminate worker thread before freeing property list ↵Gravatar Nikias Bassen1-1/+2
service client to prevent segfault
2019-07-19syslog_relay: Terminate worker thread before freeing service client to ↵Gravatar Nikias Bassen1-8/+1
prevent segfault
2019-07-19OpenSSL: Use SSL_pending() to determine if we want a select() before SSL_read()Gravatar Nikias Bassen1-11/+16
In order to obey the timeout in idevice_connection_receive_timeout(), we are using select() via socket_check_fd(). However, the SSL bio might have buffered more bytes than actually requested upon a call to SSL_read(), so in the next call to idevice_connection_receive_timeout() a select() would not find the fd being ready to read, and make it fail with an error, after the specified timeout is reached. With the help of SSL_pending() we can now skip calling select() so that SSL_read() will directly be called again.
2019-06-23replace all occurrences of occured by occurredGravatar Yves-Alexis Perez6-9/+9
Do it in all comments and errors messages
2019-06-22Make sure to not use deprecated API when compiling with OpenSSL >= 1.1Gravatar Rosen Penev1-1/+7
There are several missing headers as well as deprecated functions for which compatibility was added as needed.
2019-06-21Use OPENSSL_THREADID_* API for OpenSSL >= 1.0.0 && < 1.1.0Gravatar Nikias Bassen1-0/+15
2019-06-16notification_proxy: Make np_observe_notifications() atomicGravatar Nikias Bassen1-7/+14
Otherwise the notification callback might fire before all notifications that should be observed have been registered. This way the callback will only be called after _all_ notifications have been registered.
2019-06-16syslog_relay: Fix timeout issue introduced with recent libusbmuxd commit ↵Gravatar Nikias Bassen1-2/+6
ca245709
2019-06-16service: Silence timeout errorsGravatar Nikias Bassen2-9/+8
2019-06-16service: Fix typo SERIVCE_E_NOT_ENOUGH_DATA to SERVICE_E_NOT_ENOUGH_DATAGravatar Nikias Bassen2-2/+2
2019-06-14debugserver: Fix for iOS 13Gravatar Nikias Bassen1-0/+1
2019-06-13Timeout support for SSL connections and better timeout handeling.Gravatar DanyL5-68/+122
2019-06-11common: Update thread.c/.h to match the one from libusbmuxdGravatar Nikias Bassen6-14/+17
2019-06-10Make sure OpenSSL version checks don't fail when using LibreSSLGravatar Nikias Bassen1-7/+6
2019-02-12lockdown: Make sure to return correct error code when pairing failsGravatar Nikias Bassen1-1/+1
2018-09-29lockdown: Pass along usbmux device id when saving pair recordsGravatar Nikias Bassen2-1/+3
2018-09-29idevice: Add usbmux device id (handle/mux id) to internal data structureGravatar Nikias Bassen2-13/+7
2017-12-08lockdown: Plug small memory leakGravatar Nikias Bassen1-0/+1
Credit to Rudolf Tammekivi (Blefish), see issue #599
2017-12-07mobileactivation: Allow passing activation response headers as required for ↵Gravatar Nikias Bassen1-15/+45
iOS 11.2+ When activating in session mode - which is required for newer iOS versions - we can now pass the activation response headers with the activation command. For iOS 11.2+ this is mandatory or the activation will fail.
2017-12-07mobileactivation: Don't convert activation record if it is already passed as ↵Gravatar Nikias Bassen1-0/+3
PLIST_DATA
2017-08-13lockdown: Don't explicitly validate pairing unless we're dealing with an ↵Gravatar Nikias Bassen3-12/+27
older device On newer iOS version, ValidatePair is not mandatory to gain trusted host status. Starting with iOS 11, the ValidatePair request has been removed from lockdownd and will throw an error. This commit adds a version check so that ValidatePair is only called on devices prior iOS 7.
2017-07-03mobileactivation: Add new functions required for drmHandshake / session mode ↵Gravatar Nikias Bassen1-2/+73
device activation
2017-06-29Add basic mobileactivation service implementationGravatar Nikias Bassen3-0/+242
2017-04-27gnutls: check for interrupted gnutls_handshake()Gravatar Nikos Mavrogiannopoulos1-3/+10
That is, recover if gnutls_handshake() returns with non fatal error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
2017-04-26 #ifdef out code which is a no-op with OpenSSL 1.1.0Gravatar Christophe Fergeau1-0/+6
CRYPTO_set_id_callback CRYPTO_set_locking_callback EVP_cleanup CRYPTO_cleanup_all_ex_data SSL_COMP_free_compression_methods are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the corresponding code. This cleans up some warnings about id_function/locking_function being defined but unused (as the calls to CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at preprocessing time). Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Don't use ERR_remove_thread_state() with OpenSSL 1.1.0Gravatar Christophe Fergeau1-14/+16
It's deprecated and causes compile-time warnings. We don't want to fallback to ERR_remove_state() either as it's similarly deprecated. This commit adds a helper functions to hide the #ifdef mess between the various openssl versions. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Avoid double free with OpenSSL 1.1.0Gravatar Christophe Fergeau1-1/+9
Since commit OpenSSL_1_1_0-pre3~178 https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f OpenSSL automatically cleans up some of its internal data when the program exits. This conflicts with some similar clean up libimobiledevice attempts to do, which causes a double-free. SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, and is still there in 1.1.0 as a no-op, so we can use that to free the compression methods. This bug can be hit with a simple idevicebackup2 --help ==14299== Invalid read of size 4 ==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) ==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) ==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) ==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) ==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd ==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) ==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) ==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x4E5663A: thread_once (thread.c:104) ==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Block was alloc'd at ==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) ==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) ==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) ==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) ==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) ==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) ==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) ==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) ==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) ==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) = Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-08Fix parameter check of instproxy_check_capabilities_match()Gravatar BALATON Zoltan1-1/+1
The capabilities parameter is a string array not a plist. Also check other parameters when we are at it.
2017-04-08Propagate lower level errors to callers instead of returning unknownGravatar BALATON Zoltan3-39/+45
error for most failures
2017-01-18property_list_service: Remove packet length check when receiving plist dataGravatar Antoine Reversat1-46/+43
There are services that would send really large plist data, e.g. when listing provisioning profiles. Instead of forcing the data to be less than 16MB we try to allocate a buffer as large as requested. If the allocation fails the function returns with an error.
2016-12-31Add ax_pthread.m4 for proper pthread cflags/ldflagsGravatar Nikias Bassen1-2/+2
2016-12-01misagent: Add new misagent_copy_all() function (introduced in iOS 9.3)Gravatar Nikias Bassen1-0/+40
2016-09-18win32: Fix MinGW build by adding -lgdi32 to properly link against OpenSSLGravatar Nikias Bassen1-1/+1
2016-08-09lockdown: return LOCKDOWN_E_INVALID_HOST_ID when missing pair recordGravatar Jay Freeman (saurik)1-1/+1
When the check of /var/db/lockdown was removed, lockdownd_do_pair started to always return LOCKDOWN_E_INVALID_CONF instead of usually (but not always...) returning LOCKDOWN_E_INVALID_HOST_ID for devices not currently paired. This change not only breaks some third-party code, but also breaks the other code in this library calling this function (lockdownd_client_new_with_handshake).
2016-08-02idevice: Update GnuTLS code to support iOS 10Gravatar Jay Freeman (saurik)1-1/+1
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
2016-07-27lockdown: remove unnecessary check for pair record file during pairingGravatar Jay Freeman (saurik)1-7/+3
During device pairing the code in lockdownd_do_pair() is checking if there is a pair record on disk for the current device, and then requests it from usbmuxd. This additional check is not only unnecessary since usbmuxd can obviously only return a pair record if it exists, but is also causing issues on newer versions of macOS where /var/db/lockdown is mode 700.
2016-06-16Fix SSL version negotiation for newer versions of OpenSSLGravatar David Weinstein1-1/+1
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` would return NULL on some systems and also `SSLv23_method()` fails with some older iOS versions...
2016-06-16Revert "Fix SSL version negotiation with newer versions of OpenSSL"Gravatar Nikias Bassen1-1/+1
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093. The change had the negative effect that connecting to older iOS devices wouldn't work anymore.
2016-06-15Fix SSL version negotiation with newer versions of OpenSSLGravatar Nikias Bassen1-1/+1
2016-04-29Updated gnutls certificate callback to new API (backwards compatible)Gravatar Nikos Mavrogiannopoulos1-0/+13
2016-04-29file_relay: Plug small memory leakGravatar Xiao Deng1-0/+1
2016-04-29diagnostics_relay: Plug small memory leakGravatar Xiao Deng1-0/+1
2016-04-01Add new function to get the underlying file descriptor of an idevice connectionGravatar BALATON Zoltan1-0/+16
2016-04-01Avoid potential NULL pointer dereference (leading to segfault) if functions ↵Gravatar BALATON Zoltan2-6/+10
are called with NULL arguments
2015-10-21Fix installation_proxy when using GnuTLS instead of OpenSSLGravatar Jay Freeman (saurik)1-4/+4