From 7b3aa777cbc65a2c2db5c31acbfa0582952b6dd9 Mon Sep 17 00:00:00 2001
From: Andreas Henriksson
Date: Mon, 5 May 2014 11:36:29 +0200
Subject: lockdown: avoid crashing when getting system buid fails

When userpref_read_system_buid fails to retrieve the buid, systembuid will be set to NULL. It was then unconditionally passed to plist_new_string - which will crash with a NULL argument. See https://bugs.debian.org/730756 for people reporting this happening in the real world. See https://github.com/libimobiledevice/libimobiledevice/commit/1331f6baa1799e41003aa812c0d1bf36193535ea ("lockdown: Make sure to set SystemBUID in generated pair records") for the commit where this problem was introduced.
---
 src/lockdown.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lockdown.c b/src/lockdown.c
index cf03e0f..b96ddc6 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -743,8 +743,9 @@ static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t
 }
 
 /* set SystemBUID */
- userpref_read_system_buid(&system_buid);
- plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid));
+ if (userpref_read_system_buid(&system_buid)) {
+ plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid));
+ }
 
 /* set HostID */
 host_id = generate_uuid();
-- 
cgit v1.1-32-gdbae
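Review bot: The new guard in pair_record_generate tests the return value of userpref_read_system_buid(), but what crashes plist_new_string() is the pointer itself, so the check only protects if a truthy return always implies a non-NULL system_buid; that convention is not visible in this hunk. Testing both is cheap: `if (userpref_read_system_buid(&system_buid) && system_buid) {`. On the failure path the pair record is now built without SystemBUID and nothing is logged, so a later pairing failure would be hard to trace back to this spot; a debug message in an `else` branch would help. plist_new_string() is expected to copy its argument, so it is worth confirming that system_buid is freed later in the function, which continues outside the hunk.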