properly detect gnutls errors
Reported by Martin S. | April 22nd, 2009 @ 06:38 PM | in 1.0 Release
After some dumping it still appears that there are some details in the usbmux communication which are not working correctly.
For instance try to send this plist to lockdown:
<plist>
<dict>
<key>ClientOptions</key>
<dict>
<key>ApplicationType</key>
<string>User</string>
</dict>
<key>Command</key>
<string>Browse</string>
</dict>
</plist>
While it returns a big plist file to iTunes, it fails with libiphone somewhere after receiving the SSL data.
Comments and changes to this ticket
-
Nikias Bassen April 22nd, 2009 @ 11:03 PM
Strange thing.... this is what I receive when I send the above plist:
pre-read client wants 5 bytes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< iphone_mux_recv_timeout: received 5 bytes 0000: 15 03 00 00 20 | .... <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< post-read we got 5 bytes lockdownd_securead() called length = 32 pre-read client wants 32 bytes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< iphone_mux_recv_timeout: received 32 bytes 0000: b3 a1 48 71 0f 95 cd a7 7f 57 d7 ce 7c c2 22 70 | ..Hq....W..|."p 0010: 0e fd 16 8d 84 ee 27 28 57 1a 0c 19 20 5b 14 f6 | ......'(W... [.. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< post-read we got 32 bytesAFAIK the packet type 0x15 (21) denotes some kind of encryption error ("Encrypted Alert")
-
Martin S. April 23rd, 2009 @ 04:46 PM
- Tag changed from “libiphone, lockdown, ssl, usbmux” to “gnutls, libiphone, lockdown, ssl, usbmux”
Looking at the dumps again I found out that this plist is actually not send to lockdown but to mobile_installation_proxy, that explains why this fails here (but probably works for mobile_installation_proxy).
Feel free to close the ticket unless we should detect such type of packet or gnutls error.
-
Nikias Bassen April 23rd, 2009 @ 08:30 PM
- Title changed from “Problem receiving secure data in special cases” to “properly detect gnutls errors”
Well ok ;) that explains why this is a problem.
However, I think the lockdown implementation needs a way to determine that there's something wrong with SSL as any following operations using SSL will also fail when an 'encrypted alert' occurs. Would be better if ssl-dependent operations (such as start service) could check if the current session is invalid, and then do not try to send any encrypted data at all but return a proper error code.
-
Nikias Bassen May 19th, 2009 @ 10:47 AM
- State changed from “new” to “open”
Here's a patch that makes lockdown check for gnutls errors and let it return IPHONE_E_SSL_ERROR. This should solve problems like the one described above.
The patch also supresses compiler warnings and removes some commented-out *_mux functions I forgot to remove.
-
Nikias Bassen May 19th, 2009 @ 10:49 AM
- Milestone set to “1.0 Release”
-
Matt Colyer May 19th, 2009 @ 02:29 PM
- State changed from “open” to “resolved”
(from [34b8e4d575876ace41b91fb6e25a5fa9f9290608]) lockdown: Check for gnutls errors and silence compiler warnings. general: Removed some commented-out code.
[#39 state:resolved]
Signed-off-by: Matt Colyer matt@colyer.name
http://github.com/MattColyer/libiphone/commit/34b8e4d575876ace41b91...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
A project around supporting the iPhone in Linux.
See http://libimobiledevice.org
People watching this ticket
Martin S.
Nikias Bassen
Attachments
Referenced by
-
5
Integrate usbmuxd (when it's ready)
NOTE: the patch from ticket #39 has to be applied before ...
-
39
properly detect gnutls errors
[#39
state:resolved]
-
5
Integrate usbmuxd (when it's ready)
Okay I added in that patch as well (and closed #39). The
...