From 4222bc1b880d6535462e3b5ba5431809a3c5fddc Mon Sep 17 00:00:00 2001 From: Nikias Bassen Date: Thu, 14 Mar 2013 03:09:14 +0100 Subject: global: make sure to check service before checking service->port to prevent crashes --- dev/afccheck.c | 2 +- dev/ideviceclient.c | 17 +++++------------ src/afc.c | 2 +- src/device_link_service.c | 2 +- src/diagnostics_relay.c | 2 +- src/file_relay.c | 2 +- src/heartbeat.c | 6 +++--- src/house_arrest.c | 3 --- src/installation_proxy.c | 8 +++----- src/misagent.c | 3 --- src/mobile_image_mounter.c | 8 +++----- src/mobilebackup.c | 5 ++--- src/mobilebackup2.c | 2 +- src/mobilesync.c | 2 +- src/notification_proxy.c | 8 +++----- src/property_list_service.c | 2 +- src/sbservices.c | 3 --- src/screenshotr.c | 2 +- src/service.c | 4 ++-- src/webinspector.c | 6 +++--- tools/idevicebackup.c | 11 +++-------- tools/idevicebackup2.c | 11 +++-------- tools/idevicedebugserverproxy.c | 2 +- tools/idevicediagnostics.c | 2 +- tools/ideviceimagemounter.c | 4 ++-- tools/idevicescreenshot.c | 2 +- 26 files changed, 44 insertions(+), 77 deletions(-) diff --git a/dev/afccheck.c b/dev/afccheck.c index ead0ca0..d7ee7d1 100644 --- a/dev/afccheck.c +++ b/dev/afccheck.c @@ -111,7 +111,7 @@ int main(int argc, char *argv[]) return 1; } - if (LOCKDOWN_E_SUCCESS == lockdownd_start_service(client, "com.apple.afc", &service) && !service->port) { + if (LOCKDOWN_E_SUCCESS != lockdownd_start_service(client, "com.apple.afc", &service) || !service || !service->port) { lockdownd_client_free(client); idevice_free(phone); fprintf(stderr, "Something went wrong when starting AFC."); diff --git a/dev/ideviceclient.c b/dev/ideviceclient.c index c8635d8..778f20e 100644 --- a/dev/ideviceclient.c +++ b/dev/ideviceclient.c 
@@ -49,7 +49,7 @@ static void perform_notification(idevice_t phone, lockdownd_client_t client, con np_client_t np; lockdownd_start_service(client, "com.apple.mobile.notification_proxy", &service); - if (service->port) { + if (service && service->port) { printf("::::::::::::::: np was started ::::::::::::\n"); np_client_new(phone, service, &np); if (np) { @@ -109,15 +109,10 @@ int main(int argc, char *argv[]) lockdownd_start_service(client, "com.apple.afc", &service); - if (service->port) { + if (service && service->port) { afc_client_t afc = NULL; afc_client_new(phone, service, &afc); - if (service) { - lockdownd_service_descriptor_free(service); - service = NULL; - } - if (afc) { service->port = 0; service->ssl_enabled = 0; @@ -129,11 +124,6 @@ int main(int argc, char *argv[]) printf("ERROR: Notification proxy could not be started.\n"); } - if (service) { - lockdownd_service_descriptor_free(service); - service = NULL; - } - if (gnp) { const char *nspec[5] = { NP_SYNC_CANCEL_REQUEST, @@ -266,6 +256,9 @@ int main(int argc, char *argv[]) } afc_client_free(afc); + + lockdownd_service_descriptor_free(service); + service = NULL; } else { printf("Start service failure.\n"); } diff --git a/src/afc.c b/src/afc.c index d61032d..c281e2c 100644 --- a/src/afc.c +++ b/src/afc.c @@ -123,7 +123,7 @@ afc_error_t afc_client_new_with_service_client(service_client_t service_client, */ afc_error_t afc_client_new(idevice_t device, lockdownd_service_descriptor_t service, afc_client_t * client) { - if (!device || service->port == 0) + if (!device || !service || service->port == 0) return AFC_E_INVALID_ARG; service_client_t parent = NULL; diff --git a/src/device_link_service.c b/src/device_link_service.c index ac89211..2608b9f 100644 --- a/src/device_link_service.c +++ b/src/device_link_service.c 
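Review bot: In perform_notification (dev/ideviceclient.c) the result of `lockdownd_start_service()` is still discarded, so the new `service && service->port` test is only sound if `service` is initialised to NULL where it is declared, and that declaration is outside the hunk. If the call can fail without writing to `service`, an indeterminate pointer would pass the NULL test and then be dereferenced. Checking the status too removes that dependency: `if (lockdownd_start_service(client, "com.apple.mobile.notification_proxy", &service) == LOCKDOWN_E_SUCCESS && service && service->port) {`. The same call-then-test sequence appears in main() of this file, in do_post_notification in tools/idevicebackup.c and tools/idevicebackup2.c, in the first hunk of tools/ideviceimagemounter.c, and in tools/idevicescreenshot.c.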
@@ -84,7 +84,7 @@ static int device_link_service_get_message(plist_t dl_msg, char **message) */ device_link_service_error_t device_link_service_client_new(idevice_t device, lockdownd_service_descriptor_t service, device_link_service_client_t *client) { - if (!device || service->port == 0 || !client || *client) { + if (!device || !service || service->port == 0 || !client || *client) { return DEVICE_LINK_SERVICE_E_INVALID_ARG; } diff --git a/src/diagnostics_relay.c b/src/diagnostics_relay.c index 3469ae4..506b901 100644 --- a/src/diagnostics_relay.c +++ b/src/diagnostics_relay.c @@ -83,7 +83,7 @@ static int diagnostics_relay_check_result(plist_t dict) */ diagnostics_relay_error_t diagnostics_relay_client_new(idevice_t device, lockdownd_service_descriptor_t service, diagnostics_relay_client_t *client) { - if (!device || service->port == 0 || !client || *client) { + if (!device || !service || service->port == 0 || !client || *client) { return DIAGNOSTICS_RELAY_E_INVALID_ARG; } diff --git a/src/file_relay.c b/src/file_relay.c index 39382fb..b1adb4f 100644 --- a/src/file_relay.c +++ b/src/file_relay.c @@ -38,7 +38,7 @@ */ file_relay_error_t file_relay_client_new(idevice_t device, lockdownd_service_descriptor_t service, file_relay_client_t *client) { - if (!device || service->port == 0 || !client || *client) { + if (!device || !service || service->port == 0 || !client || *client) { return FILE_RELAY_E_INVALID_ARG; } diff --git a/src/heartbeat.c b/src/heartbeat.c index 0f8d2f3..cee852e 100644 --- a/src/heartbeat.c +++ b/src/heartbeat.c 
@@ -74,13 +74,13 @@ heartbeat_error_t heartbeat_client_new(idevice_t device, lockdownd_service_descr { *client = NULL; - debug_info("Creating heartbeat_client, port = %d.", service->port); - - if (!device || service->port == 0 || !client || *client) { + if (!device || !service || service->port == 0 || !client || *client) { debug_info("Incorrect parameter passed to heartbeat_client_new."); return HEARTBEAT_E_INVALID_ARG; } + debug_info("Creating heartbeat_client, port = %d.", service->port); + property_list_service_client_t plclient = NULL; heartbeat_error_t ret = heartbeat_error(property_list_service_client_new(device, service, &plclient)); if (ret != HEARTBEAT_E_SUCCESS) { diff --git a/src/house_arrest.c b/src/house_arrest.c index b3dbbf8..5dfd1b6 100644 --- a/src/house_arrest.c +++ b/src/house_arrest.c @@ -68,9 +68,6 @@ static house_arrest_error_t house_arrest_error(property_list_service_error_t err */ house_arrest_error_t house_arrest_client_new(idevice_t device, lockdownd_service_descriptor_t service, house_arrest_client_t *client) { - if (!device) - return HOUSE_ARREST_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; house_arrest_error_t err = house_arrest_error(property_list_service_client_new(device, service, &plistclient)); if (err != HOUSE_ARREST_E_SUCCESS) { diff --git a/src/installation_proxy.c b/src/installation_proxy.c index eacab9d..d4c1750 100644 --- a/src/installation_proxy.c +++ b/src/installation_proxy.c 
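Review bot: `*client = NULL;` at the top of heartbeat_client_new still runs before the guard, so a NULL `client` is dereferenced before `!client` is tested. This is the same check-after-use ordering the commit fixes for `service`. The assignment also makes the trailing `*client` term of the guard always false. Testing the pointer first, with `if (!client) return HEARTBEAT_E_INVALID_ARG;` ahead of `*client = NULL;`, closes the gap. webinspector_client_new in src/webinspector.c has the identical sequence, and in both cases the signature begins outside the hunk.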
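Review bot: With the local `!device` guard removed, house_arrest_client_new validates nothing itself and relies on property_list_service_client_new, which receives `&plistclient` rather than the caller's `client`. That delegation covers `device` and `service`, but the caller's out-parameter is never checked in the visible lines. The rest of the body is outside the hunk, so a later write through `client` is presumed rather than shown. An explicit `if (!client) return HOUSE_ARREST_E_INVALID_ARG;` before the call would keep the argument contract local. The same applies to misagent_client_new, sbservices_client_new, instproxy_client_new, mobile_image_mounter_new and np_client_new.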
@@ -104,12 +104,10 @@ static instproxy_error_t instproxy_error(property_list_service_error_t err) */ instproxy_error_t instproxy_client_new(idevice_t device, lockdownd_service_descriptor_t service, instproxy_client_t *client) { - if (!device) - return INSTPROXY_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; - if (property_list_service_client_new(device, service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) { - return INSTPROXY_E_CONN_FAILED; + instproxy_error_t err = instproxy_error(property_list_service_client_new(device, service, &plistclient)); + if (err != INSTPROXY_E_SUCCESS) { + return err; } instproxy_client_t client_loc = (instproxy_client_t) malloc(sizeof(struct instproxy_client_private)); diff --git a/src/misagent.c b/src/misagent.c index cb84188..1bc4519 100644 --- a/src/misagent.c +++ b/src/misagent.c @@ -100,9 +100,6 @@ static misagent_error_t misagent_check_result(plist_t response, int* status_code */ misagent_error_t misagent_client_new(idevice_t device, lockdownd_service_descriptor_t service, misagent_client_t *client) { - if (!device) - return MISAGENT_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; misagent_error_t err = misagent_error(property_list_service_client_new(device, service, &plistclient)); if (err != MISAGENT_E_SUCCESS) { diff --git a/src/mobile_image_mounter.c b/src/mobile_image_mounter.c index 3e31ef4..1d608db 100644 --- a/src/mobile_image_mounter.c +++ b/src/mobile_image_mounter.c 
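Review bot: instproxy_client_new no longer returns `INSTPROXY_E_CONN_FAILED` for every failure of property_list_service_client_new. It now returns whatever `instproxy_error()` maps the underlying code to, which is a caller-visible change in the return contract. The doc comment that ends just above the hunk should list the additional values, for example `INSTPROXY_E_INVALID_ARG` for a NULL device, a NULL service or a zero port, assuming that is what the mapping yields (the mapping function is not shown here). Callers that compare specifically against `INSTPROXY_E_CONN_FAILED` should be rechecked. mobile_image_mounter_new and np_client_new receive the same change.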
@@ -98,12 +98,10 @@ static mobile_image_mounter_error_t mobile_image_mounter_error(property_list_ser */ mobile_image_mounter_error_t mobile_image_mounter_new(idevice_t device, lockdownd_service_descriptor_t service, mobile_image_mounter_client_t *client) { - if (!device) - return MOBILE_IMAGE_MOUNTER_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; - if (property_list_service_client_new(device, service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) { - return MOBILE_IMAGE_MOUNTER_E_CONN_FAILED; + mobile_image_mounter_error_t err = mobile_image_mounter_error(property_list_service_client_new(device, service, &plistclient)); + if (err != MOBILE_IMAGE_MOUNTER_E_SUCCESS) { + return err; } mobile_image_mounter_client_t client_loc = (mobile_image_mounter_client_t) malloc(sizeof(struct mobile_image_mounter_client_private)); diff --git a/src/mobilebackup.c b/src/mobilebackup.c index ab4dec0..aae4b06 100644 --- a/src/mobilebackup.c +++ b/src/mobilebackup.c @@ -72,10 +72,9 @@ static mobilebackup_error_t mobilebackup_error(device_link_service_error_t err) * or more parameters are invalid, or DEVICE_LINK_SERVICE_E_BAD_VERSION if * the mobilebackup version on the device is newer. */ -mobilebackup_error_t mobilebackup_client_new(idevice_t device, lockdownd_service_descriptor_t service, - mobilebackup_client_t * client) +mobilebackup_error_t mobilebackup_client_new(idevice_t device, lockdownd_service_descriptor_t service, mobilebackup_client_t * client) { - if (!device || service->port == 0 || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return MOBILEBACKUP_E_INVALID_ARG; device_link_service_client_t dlclient = NULL; diff --git a/src/mobilebackup2.c b/src/mobilebackup2.c index 15ba469..6356376 100644 --- a/src/mobilebackup2.c +++ b/src/mobilebackup2.c 
@@ -76,7 +76,7 @@ static mobilebackup2_error_t mobilebackup2_error(device_link_service_error_t err mobilebackup2_error_t mobilebackup2_client_new(idevice_t device, lockdownd_service_descriptor_t service, mobilebackup2_client_t * client) { - if (!device || service->port == 0 || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return MOBILEBACKUP2_E_INVALID_ARG; device_link_service_client_t dlclient = NULL; diff --git a/src/mobilesync.c b/src/mobilesync.c index 4fe24b2..af70ea4 100644 --- a/src/mobilesync.c +++ b/src/mobilesync.c @@ -81,7 +81,7 @@ static mobilesync_error_t mobilesync_error(device_link_service_error_t err) mobilesync_error_t mobilesync_client_new(idevice_t device, lockdownd_service_descriptor_t service, mobilesync_client_t * client) { - if (!device || service->port == 0 || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return MOBILESYNC_E_INVALID_ARG; device_link_service_client_t dlclient = NULL; diff --git a/src/notification_proxy.c b/src/notification_proxy.c index 8fb9ad0..5b293f8 100644 --- a/src/notification_proxy.c +++ b/src/notification_proxy.c @@ -108,12 +108,10 @@ static np_error_t np_error(property_list_service_error_t err) */ np_error_t np_client_new(idevice_t device, lockdownd_service_descriptor_t service, np_client_t *client) { - if (!device) - return NP_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; - if (property_list_service_client_new(device, service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) { - return NP_E_CONN_FAILED; + np_error_t err = np_error(property_list_service_client_new(device, service, &plistclient)); + if (err != NP_E_SUCCESS) { + return err; } np_client_t client_loc = (np_client_t) malloc(sizeof(struct np_client_private)); diff --git a/src/property_list_service.c b/src/property_list_service.c index 025a9bc..941f37e 100644 --- a/src/property_list_service.c +++ b/src/property_list_service.c 
@@ -68,7 +68,7 @@ static property_list_service_error_t service_to_property_list_service_error(serv */ property_list_service_error_t property_list_service_client_new(idevice_t device, lockdownd_service_descriptor_t service, property_list_service_client_t *client) { - if (!device || (service->port == 0) || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return PROPERTY_LIST_SERVICE_E_INVALID_ARG; service_client_t parent = NULL; diff --git a/src/sbservices.c b/src/sbservices.c index 6b1a4d1..00f2862 100644 --- a/src/sbservices.c +++ b/src/sbservices.c @@ -97,9 +97,6 @@ static sbservices_error_t sbservices_error(property_list_service_error_t err) */ sbservices_error_t sbservices_client_new(idevice_t device, lockdownd_service_descriptor_t service, sbservices_client_t *client) { - if (!device) - return SBSERVICES_E_INVALID_ARG; - property_list_service_client_t plistclient = NULL; sbservices_error_t err = sbservices_error(property_list_service_client_new(device, service, &plistclient)); if (err != SBSERVICES_E_SUCCESS) { diff --git a/src/screenshotr.c b/src/screenshotr.c index e2bc979..b538232 100644 --- a/src/screenshotr.c +++ b/src/screenshotr.c @@ -76,7 +76,7 @@ static screenshotr_error_t screenshotr_error(device_link_service_error_t err) screenshotr_error_t screenshotr_client_new(idevice_t device, lockdownd_service_descriptor_t service, screenshotr_client_t * client) { - if (!device || service->port == 0 || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return SCREENSHOTR_E_INVALID_ARG; device_link_service_client_t dlclient = NULL; diff --git a/src/service.c b/src/service.c index 959c9fb..abd1696 100644 --- a/src/service.c +++ b/src/service.c 
@@ -66,7 +66,7 @@ static service_error_t idevice_to_service_error(idevice_error_t err) */ service_error_t service_client_new(idevice_t device, lockdownd_service_descriptor_t service, service_client_t *client) { - if (!device || (service->port == 0) || !client || *client) + if (!device || !service || service->port == 0 || !client || *client) return SERVICE_E_INVALID_ARG; /* Attempt connection */ @@ -117,7 +117,7 @@ service_error_t service_client_factory_start_service(idevice_t device, const cha lockdownd_start_service(lckd, service_name, &service); lockdownd_client_free(lckd); - if (service->port <= 0) { + if (!service || service->port == 0) { debug_info("Could not start service %s!", service_name); return SERVICE_E_START_SERVICE_ERROR; } diff --git a/src/webinspector.c b/src/webinspector.c index fea26d4..aef6d6f 100644 --- a/src/webinspector.c +++ b/src/webinspector.c @@ -74,13 +74,13 @@ webinspector_error_t webinspector_client_new(idevice_t device, lockdownd_service { *client = NULL; - debug_info("Creating webinspector_client, port = %d.", service->port); - - if (!device || service->port == 0 || !client || *client) { + if (!device || !service || service->port == 0 || !client || *client) { debug_info("Incorrect parameter passed to webinspector_client_new."); return WEBINSPECTOR_E_INVALID_ARG; } + debug_info("Creating webinspector_client, port = %d.", service->port); + property_list_service_client_t plclient = NULL; webinspector_error_t ret = webinspector_error(property_list_service_client_new(device, service, &plclient)); if (ret != WEBINSPECTOR_E_SUCCESS) { diff --git a/tools/idevicebackup.c b/tools/idevicebackup.c index 95c5694..8f5362c 100644 --- a/tools/idevicebackup.c +++ b/tools/idevicebackup.c 
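Review bot: In service_client_factory_start_service the early `return SERVICE_E_START_SERVICE_ERROR;` does not release `service` in a case the new condition explicitly admits: a non-NULL descriptor whose port is 0. Adding `if (service) lockdownd_service_descriptor_free(service);` before that return avoids leaking it. The function continues outside the hunk, so how the descriptor is released on the success path is not visible here.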
@@ -755,7 +755,7 @@ static void do_post_notification(const char *notification) } lockdownd_start_service(client, NP_SERVICE_NAME, &service); - if (service->port) { + if (service && service->port) { np_client_new(device, service, &np); if (np) { np_post_notification(np, notification); @@ -937,7 +937,7 @@ int main(int argc, char *argv[]) /* start notification_proxy */ np_client_t np = NULL; ret = lockdownd_start_service(client, NP_SERVICE_NAME, &service); - if ((ret == LOCKDOWN_E_SUCCESS) && service->port) { + if ((ret == LOCKDOWN_E_SUCCESS) && service && service->port) { np_client_new(device, service, &np); np_set_notify_callback(np, notify_cb, NULL); const char *noties[5] = { @@ -952,11 +952,6 @@ int main(int argc, char *argv[]) printf("ERROR: Could not start service %s.\n", NP_SERVICE_NAME); } - if (service) { - lockdownd_service_descriptor_free(service); - service = NULL; - } - afc_client_t afc = NULL; if (cmd == CMD_BACKUP) { /* start AFC, we need this for the lock file */ @@ -975,7 +970,7 @@ int main(int argc, char *argv[]) /* start mobilebackup service and retrieve port */ ret = lockdownd_start_service(client, MOBILEBACKUP_SERVICE_NAME, &service); - if ((ret == LOCKDOWN_E_SUCCESS) && service->port) { + if ((ret == LOCKDOWN_E_SUCCESS) && service && service->port) { printf("Started \"%s\" service on port %d.\n", MOBILEBACKUP_SERVICE_NAME, service->port); mobilebackup_client_new(device, service, &mobilebackup); diff --git a/tools/idevicebackup2.c b/tools/idevicebackup2.c index 0353c9b..d70a7ae 100644 --- a/tools/idevicebackup2.c +++ b/tools/idevicebackup2.c @@ -489,7 +489,7 @@ static void do_post_notification(idevice_t device, const char *notification) } lockdownd_start_service(lockdown, NP_SERVICE_NAME, &service); - if (service->port) { + if (service && service->port) { np_client_new(device, service, &np); if (np) { np_post_notification(np, notification); 
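Review bot: In main() of tools/idevicebackup.c the result of `np_client_new(device, service, &np)` is not checked before `np` is passed to `np_set_notify_callback()`. do_post_notification in the same file tests `if (np)` first. If client creation fails, `np` stays NULL, and whether the callee tolerates that is not visible here. Guarding the setup with `if (np_client_new(device, service, &np) == NP_E_SUCCESS && np) {` would match the other call site. main() in tools/idevicebackup2.c has the same sequence, and in both files the block continues outside the hunk.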
@@ -1557,7 +1557,7 @@ int main(int argc, char *argv[]) /* start notification_proxy */ np_client_t np = NULL; ret = lockdownd_start_service(lockdown, NP_SERVICE_NAME, &service); - if ((ret == LOCKDOWN_E_SUCCESS) && service->port) { + if ((ret == LOCKDOWN_E_SUCCESS) && service && service->port) { np_client_new(device, service, &np); np_set_notify_callback(np, notify_cb, NULL); const char *noties[5] = { @@ -1572,11 +1572,6 @@ int main(int argc, char *argv[]) printf("ERROR: Could not start service %s.\n", NP_SERVICE_NAME); } - if (service) { - lockdownd_service_descriptor_free(service); - service = NULL; - } - afc_client_t afc = NULL; if (cmd == CMD_BACKUP) { /* start AFC, we need this for the lock file */ @@ -1596,7 +1591,7 @@ int main(int argc, char *argv[]) /* start mobilebackup service and retrieve port */ mobilebackup2_client_t mobilebackup2 = NULL; ret = lockdownd_start_service(lockdown, MOBILEBACKUP2_SERVICE_NAME, &service); - if ((ret == LOCKDOWN_E_SUCCESS) && service->port) { + if ((ret == LOCKDOWN_E_SUCCESS) && service && service->port) { PRINT_VERBOSE(1, "Started \"%s\" service on port %d.\n", MOBILEBACKUP2_SERVICE_NAME, service->port); mobilebackup2_client_new(device, service, &mobilebackup2); diff --git a/tools/idevicedebugserverproxy.c b/tools/idevicedebugserverproxy.c index 32438ad..3a25ebc 100644 --- a/tools/idevicedebugserverproxy.c +++ b/tools/idevicedebugserverproxy.c @@ -297,7 +297,7 @@ int main(int argc, char *argv[]) goto leave_cleanup; } - if ((lockdownd_start_service(lockdown, "com.apple.debugserver", &service) != LOCKDOWN_E_SUCCESS) || !service->port) { + if ((lockdownd_start_service(lockdown, "com.apple.debugserver", &service) != LOCKDOWN_E_SUCCESS) || !service || !service->port) { fprintf(stderr, "Could not start com.apple.debugserver!\nPlease make sure to mount the developer disk image first.\n"); result = EXIT_FAILURE; goto leave_cleanup; diff --git a/tools/idevicediagnostics.c b/tools/idevicediagnostics.c index 410d054..464df20 100644 
--- a/tools/idevicediagnostics.c +++ b/tools/idevicediagnostics.c @@ -188,7 +188,7 @@ int main(int argc, char **argv) lockdownd_client_free(lockdown_client); - if ((ret == LOCKDOWN_E_SUCCESS) && (service->port > 0)) { + if ((ret == LOCKDOWN_E_SUCCESS) && service && (service->port > 0)) { if (diagnostics_relay_client_new(device, service, &diagnostics_client) != DIAGNOSTICS_RELAY_E_SUCCESS) { printf("Could not connect to diagnostics_relay!\n"); result = -1; diff --git a/tools/ideviceimagemounter.c b/tools/ideviceimagemounter.c index 57a2e27..e57d83a 100644 --- a/tools/ideviceimagemounter.c +++ b/tools/ideviceimagemounter.c @@ -305,7 +305,7 @@ int main(int argc, char **argv) lockdownd_start_service(lckd, "com.apple.mobile.mobile_image_mounter", &service); - if (service->port == 0) { + if (!service || service->port == 0) { printf("ERROR: Could not start mobile_image_mounter service!\n"); goto leave; } @@ -323,7 +323,7 @@ int main(int argc, char **argv) if (!list_mode) { struct stat fst; if ((lockdownd_start_service(lckd, "com.apple.afc", &service) != - LOCKDOWN_E_SUCCESS) || !service->port) { + LOCKDOWN_E_SUCCESS) || !service || !service->port) { fprintf(stderr, "Could not start com.apple.afc!\n"); goto leave; } diff --git a/tools/idevicescreenshot.c b/tools/idevicescreenshot.c index 23e7b41..d056dd0 100644 --- a/tools/idevicescreenshot.c +++ b/tools/idevicescreenshot.c @@ -83,7 +83,7 @@ int main(int argc, char **argv) lockdownd_start_service(lckd, "com.apple.mobile.screenshotr", &service); lockdownd_client_free(lckd); - if (service->port > 0) { + if (service && service->port > 0) { if (screenshotr_client_new(device, service, &shotr) != SCREENSHOTR_E_SUCCESS) { printf("Could not connect to screenshotr!\n"); } else { -- cgit v1.1-32-gdbae