From 2e1652a956bb023961241ad398e62e8eaa24e5c1 Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)"
Date: Wed, 9 Mar 2011 05:11:17 -0800
Subject: Only send UDID to vaguely secure hosts.
---
 MobileCydia.mm | 40 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/MobileCydia.mm b/MobileCydia.mm
index 3c11b91..e44d82b 100644
--- a/MobileCydia.mm
+++ b/MobileCydia.mm
@@ -710,6 +710,7 @@ static _H SessionData_;
 static _H HostConfig_;
 static _H BridgedHosts_;
 static _H TokenHosts_;
+static _H InsecureHosts_;
 static _H PipelinedHosts_;
 static _H CachedURLs_;
@@ -3838,6 +3839,8 @@ static _H Diversions_;
 if (false);
 else if (selector == @selector(addBridgedHost:))
 return @"addBridgedHost";
+ else if (selector == @selector(addInsecureHost:))
+ return @"addInsecureHost";
 else if (selector == @selector(addInternalRedirect::))
 return @"addInternalRedirect";
 else if (selector == @selector(addPipelinedHost:scheme:))
@@ -3998,6 +4001,11 @@ static _H Diversions_;
 [BridgedHosts_ addObject:host];
 } }
+- (void) addInsecureHost:(NSString *)host {
+@synchronized (HostConfig_) {
+ [InsecureHosts_ addObject:host];
+} }
+
 - (void) addTokenHost:(NSString *)host {
 @synchronized (HostConfig_) {
 [TokenHosts_ addObject:host];
@@ -4221,6 +4229,24 @@ static _H Diversions_;
 @end
 /* }}} */
+@interface NSURL (CydiaSecure)
+@end
+
+@implementation NSURL (CydiaSecure)
+
+- (bool) isCydiaSecure {
+ if ([[[self scheme] lowercaseString] isEqualToString:@"https"])
+ return true;
+
+ @synchronized (HostConfig_) {
+ if ([InsecureHosts_ containsObject:[self host]])
+ return true;
+ }
+
+ return false;
+}
+
+@end
 /* Cydia Browser Controller {{{ */
 @implementation CydiaWebViewController
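Review bot: The new `addInsecureHost:` adds whatever string its caller passes to the set that later exempts a host from the HTTPS requirement, with no check on the caller or on the value. The selector-name hunk just above it looks like the mapping that publishes the method to page script next to `addBridgedHost:` (the enclosing method starts outside that hunk), so the gate is only as strong as the rule for which pages can reach this object, and that rule is not visible in this patch. A `nil` host would also raise from `-[NSMutableSet addObject:]`, so a guard such as `if (host == nil) return;` at the top of the method is worth adding. A comment on the method, for example `// Exempts host from the HTTPS check; identifying headers may be sent to it over plain HTTP.`, would make the trade-off explicit.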
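Review bot: `isCydiaSecure` returns true for any host in `InsecureHosts_` regardless of scheme, so the name reads as a transport guarantee that the second branch does not give. A comment above the method such as `// true for https URLs, or for hosts exempted via addInsecureHost: (those requests are not encrypted)` would stop later callers from treating it as proof the connection is protected. The scheme is lowercased before comparison but `[self host]` is matched as-is, so an exemption added with different letter case will not match; that fails closed, but lowercasing on both add and lookup would make it predictable. The category `@interface` is empty; declaring `- (bool) isCydiaSecure;` there documents the API and avoids relying on definition order in the file.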
@@ -4286,7 +4312,7 @@ static _H Diversions_;
 token = [TokenHosts_ containsObject:host];
 }
- if (token) {
+ if ([url isCydiaSecure] && token) {
 if (Token_ != nil && [copy valueForHTTPHeaderField:@"X-Cydia-Token"] == nil)
 [copy setValue:Token_ forHTTPHeaderField:@"X-Cydia-Token"];
 }
@@ -8051,8 +8077,10 @@ bool DepSubstrate(const pkgCache::VerIterator &iterator) {
 }
 - (NSURLConnection *) _requestHRef:(NSString *)href method:(NSString *)method {
+ NSURL *url([NSURL URLWithString:href]);
+
 NSMutableURLRequest *request = [NSMutableURLRequest
- requestWithURL:[NSURL URLWithString:href]
+ requestWithURL:url
 cachePolicy:NSURLRequestUseProtocolCachePolicy
 timeoutInterval:120.0
 ];
@@ -8061,8 +8089,11 @@ bool DepSubstrate(const pkgCache::VerIterator &iterator) {
 if (Machine_ != NULL)
 [request setValue:[NSString stringWithUTF8String:Machine_] forHTTPHeaderField:@"X-Machine"];
- if (UniqueID_ != nil)
- [request setValue:UniqueID_ forHTTPHeaderField:@"X-Unique-ID"];
+
+ if ([url isCydiaSecure]) {
+ if (UniqueID_ != nil)
+ [request setValue:UniqueID_ forHTTPHeaderField:@"X-Unique-ID"];
+ }
 return [[[NSURLConnection alloc] initWithRequest:request delegate:self] autorelease];
 }
@@ -9692,6 +9723,7 @@ int main(int argc, char *argv[]) {
 @synchronized (HostConfig_) {
 BridgedHosts_ = [NSMutableSet setWithCapacity:4];
 TokenHosts_ = [NSMutableSet setWithCapacity:4];
+ InsecureHosts_ = [NSMutableSet setWithCapacity:4];
 PipelinedHosts_ = [NSMutableSet setWithCapacity:4];
 CachedURLs_ = [NSMutableSet setWithCapacity:32];
 }
-- 
cgit v1.2.3
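Review bot: The `[url isCydiaSecure]` test in `_requestHRef:method:` runs once against the URL built from `href`, so it does not cover where the connection ends up if the server answers with a redirect. Whether this class's connection delegate re-checks or strips `X-Unique-ID` in `connection:willSendRequest:redirectResponse:` is not visible in this patch; if it does not, that callback is the place to drop the header when the redirected URL fails `isCydiaSecure`. `X-Machine` is still set unconditionally just above the new block, which may be intended, but a short comment such as `// X-Machine is sent to every host; only X-Unique-ID is gated` would record that. The method begins in the previous hunk, so this review covers only the lines shown in the two hunks.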