[PATCH 1 of 2] Add signature time extraction for Linux and test for it in binverifytest

Wald Commits scm-commit at wald.intevation.org
Mon Nov 24 14:43:46 CET 2014


# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1416836590 -3600
# Node ID 948f03bb52549edd5790df60746fc356f2773721
# Parent  41cf49df007daf7226be880d8ad09d481fd87026
Add signature time extraction for Linux and test for it in binverifytest

diff -r 41cf49df007d -r 948f03bb5254 common/binverify.c
--- a/common/binverify.c	Mon Nov 24 14:04:34 2014 +0100
+++ b/common/binverify.c	Mon Nov 24 14:43:10 2014 +0100
@@ -361,6 +361,57 @@
 #ifndef __clang__
 #pragma GCC diagnostic pop
 #endif
+#include <stdlib.h>
+
+#define SIG_DT_MARKER "\r\nS_DT:"
+
+/** This function is only intended to be used on well formatted input
+  * after verifification as it makes some hard assumptions what
+  * follows the SIG_DT_MARKER*/
+time_t
+get_signature_time (char *data, size_t data_size)
+{
+  char *p = NULL,
+       *end = NULL,
+       *buf = NULL;
+  long lSigTime = 0;
+  size_t len = 0;
+
+
+  /** Look for a DOS linebreak followed by an S_DT: */
+  size_t marker_len = strlen(SIG_DT_MARKER);
+  for (p = data + data_size - 1; p > data; p--)
+    {
+      if (!memcmp(SIG_DT_MARKER, p, marker_len))
+        break;
+    }
+
+  if (!p || p == data)
+    {
+      ERRORPRINTF ("Failed to find signature timestamp.\n");
+      return 0;
+    }
+  p = strchr (p, ':');
+  end = strchr (p, '\r');
+  if (!end)
+    {
+      return 0;
+    }
+  if (end - p  <= 0)
+    {
+      // Should never happen but we check to ensure that
+      // the following cast is valid which makes a size_t
+      ERRORPRINTF ("Signature timestamp does not compute.\n");
+      return 0;
+    }
+  len = (size_t) (end - p);
+
+  buf = xstrndup (p + 1, len);
+
+  lSigTime = strtol (buf, NULL, 10);
+  xfree (buf);
+  return (time_t) lSigTime;
+}
 
 bin_verify_result
 verify_binary_linux(const char *filename, size_t name_len)
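Review bot: The backward search in get_signature_time reads outside the buffer: it starts at `data + data_size - 1` and memcmp's `marker_len` bytes from there, so the first iterations compare up to `marker_len - 1` bytes past the end, and a `data_size` of 0 puts `p` before `data`. The two `strchr` calls also rely on a NUL terminator that a `(data, data_size)` buffer does not guarantee as far as this hunk shows; a bounded `memchr` keeps the scan inside the file contents. `len = end - p` counts from the colon, so `xstrndup (p + 1, len)` copies the trailing `\r` as well, and `strtol` is called with no end pointer, so a non-numeric or empty field is indistinguishable from a parsed value. The header comment says the input is trusted after verification, but a bounds-safe parser costs little here; a sketch follows.

```c
time_t
get_signature_time (char *data, size_t data_size)
{
  /* … unchanged: local declarations … */
  char *numend = NULL;
  size_t marker_len = strlen(SIG_DT_MARKER);

  if (!data || data_size < marker_len)
    return 0;

  /* Start at the last offset where the whole marker still fits. */
  for (p = data + (data_size - marker_len); p > data; p--)
    {
      if (!memcmp(SIG_DT_MARKER, p, marker_len))
        break;
    }
  /* … unchanged: not-found check and error message … */

  /* Bounded scan for the terminating CR; never reads past data_size. */
  p += marker_len;
  end = memchr (p, '\r', (size_t) (data + data_size - p));
  if (!end || end == p)
    return 0;

  buf = xstrndup (p, (size_t) (end - p));
  lSigTime = strtol (buf, &numend, 10);
  /* Reject empty, partially numeric or non-positive fields. */
  if (numend == buf || *numend != '\0' || lSigTime <= 0)
    lSigTime = 0;
  xfree (buf);
  return (time_t) lSigTime;
}
```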
@@ -464,6 +515,9 @@
   retval.result = VerifyValid;
   retval.fptr = fptr;
 
+/** We know know that the signature is valid we can trust the data content. */
+  retval.sig_time = get_signature_time (data, data_size);
+
 done:
   if (retval.result != VerifyValid)
     {
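Review bot: The added comment's claim that the data content can be trusted holds for the timestamp only if the S_DT field lies inside the byte range the signature covers, which is not visible in this hunk. If the field is part of the appended signature block rather than the signed data, it can be altered without invalidating the signature, and `sig_time` should then be documented as informational only. A return of 0 from get_signature_time is also ignored here, so `result` stays `VerifyValid` with no usable timestamp; callers that base a decision on `sig_time` would need to handle that. I would reword the comment to `/* Signature verified; extract the signing time (0 if it could not be parsed). */`, which also removes the "know know" typo. verify_binary_linux starts and continues outside the hunk.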
diff -r 41cf49df007d -r 948f03bb5254 ui/tests/binverifytest.cpp
--- a/ui/tests/binverifytest.cpp	Mon Nov 24 14:04:34 2014 +0100
+++ b/ui/tests/binverifytest.cpp	Mon Nov 24 14:43:10 2014 +0100
@@ -87,12 +87,16 @@
     QVERIFY (VerifyValid == res.result);
     QFile thefile ("fakeinst-signed" EXE_SUFFIX);
 #ifdef WIN32
-    /* Verifies the deny write open mode. But on linuy we dont have it. */
+    /* Verifies the deny write open mode. But on linux we dont have it. */
     QVERIFY (!thefile.open(QIODevice::ReadWrite));
 #endif
     QVERIFY (res.fptr != NULL);
     fclose(res.fptr);
     QVERIFY (thefile.open(QIODevice::ReadWrite));
+    QVERIFY (res.sig_time != 0 && res.sig_time != -1);
+    QDateTime sigDt = QDateTime::fromTime_t(res.sig_time);
+    QVERIFY (sigDt.isValid());
+    qDebug() << "Signature time: " << sigDt;
     thefile.close();
 }
 
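Review bot: The new `sig_time` assertions pass for any value other than 0 and -1, so a parser that returns garbage would still satisfy them; `QVERIFY (sigDt.isValid())` likely adds nothing, since a QDateTime built from a time_t should always be valid. Because the fixture `fakeinst-signed` is signed at a known time, comparing against that time or a lower bound would pin the behaviour, for example `QVERIFY (sigDt >= QDateTime::fromTime_t(<EARLIEST_FIXTURE_SIGNING_TIME>));` with the placeholder replaced by the fixture's value. A negative case (a validly signed file with a missing or malformed S_DT field) would cover the error paths of get_signature_time. The test function starts outside the hunk.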

