[PATCH] (issue118) Add signature check for cinst.exe and mozilla.exe
Wald Commits
scm-commit at wald.intevation.org
Thu Sep 11 15:49:18 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1410441459 -7200
# Node ID b8fb6bf7f980d0c4374e8396fe99e58398fb0b69
# Parent d6dc1144895bd2ba1685df4cb2922e74308c7a4f
(issue118) Add signature check for cinst.exe and mozilla.exe
diff -r d6dc1144895b -r b8fb6bf7f980 cinst/nssstore_win.c
--- a/cinst/nssstore_win.c Thu Sep 11 15:24:02 2014 +0200
+++ b/cinst/nssstore_win.c Thu Sep 11 15:17:39 2014 +0200
@@ -51,6 +51,7 @@
#include "logging.h"
#include "util.h"
#include "strhelp.h"
+#include "binverify.h"
#ifndef APPNAME
#define APPNAME L"cinst"
@@ -693,6 +694,7 @@
char *install_dir = get_install_dir();
wchar_t *w_inst_dir;
size_t w_path_len = 0;
+ bin_verify_result v_res;
if (!selection_file)
{
@@ -747,6 +749,22 @@
return false;
}
+ /* Verify the binary */
+ {
+ char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath));
+ v_res = verify_binary (utf8_name, strlen(utf8_name));
+ xfree(utf8_name);
+ }
+
+ if (v_res.result != VerifyValid)
+ {
+ ERRORPRINTF ("Failed to verify the NSS installer.\n");
+ syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n");
+ xfree (lpApplicationPath);
+ xfree (lpCommandLine);
+ return false;
+ }
+
DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
success = CreateProcessAsUserW (hToken,
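Review bot: The result of `wchar_to_utf8` is passed to `strlen` without a NULL check in the new verification block, so a failed conversion would crash the caller instead of failing the integrity check. Whether `wchar_to_utf8` can return NULL is not visible in this hunk, but the check is cheap and keeps the failure closed: `if (utf8_name == NULL) { xfree (lpApplicationPath); xfree (lpCommandLine); return false; }` before the `verify_binary` call. The `v_res.result != VerifyValid` branch also returns without touching `v_res.fptr`; if `verify_binary` can leave an open handle on a failed check, that branch should close it. The enclosing function starts and ends outside the hunk.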
@@ -760,6 +778,7 @@
NULL, /* Current working directory */
&siStartInfo,
&piProcInfo);
+ fclose (v_res.fptr);
xfree (lpApplicationPath);
xfree (lpCommandLine);
if (!success)
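Review bot: The `fclose (v_res.fptr)` placed after `CreateProcessAsUserW` has no comment explaining why the handle is held that long, and a later cleanup could easily move it up next to the verification. Presumably the open handle is meant to stop the binary being swapped between the signature check and process creation; if so, a comment such as `/* Keep the verified file open until the process exists so it cannot be replaced in between. */` would record that. That protection only holds if `verify_binary` opens the file with a share mode that denies write and delete access to others, which is not visible here and is worth confirming in binverify. The enclosing function continues outside the hunk.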
diff -r d6dc1144895b -r b8fb6bf7f980 ui/installwrapper.cpp
--- a/ui/installwrapper.cpp Thu Sep 11 15:24:02 2014 +0200
+++ b/ui/installwrapper.cpp Thu Sep 11 15:17:39 2014 +0200
@@ -16,6 +16,7 @@
#include "logging.h"
#include "util.h"
+#include "binverify.h"
#define INSTALL_TIMEOUT 3600000 /* Wait up to an hour */
@@ -79,6 +80,15 @@
}
#ifdef WIN32
+ bin_verify_result vres = verify_binary(cinstFileName.toUtf8().constData(),
+ cinstFileName.toUtf8().size());
+
+ if (vres.result != VerifyValid) {
+ emit error(tr("Integrity check of the certificate installation process failed. ")
+ + "\n" + tr("Please reinstall the Software."));
+ return;
+ }
+
/* QProcess on Windows uses CreateProcess but we have to
* use the runas shell command to get the UAC prompt if necessary.
* So we have to handle the process ourself. Starting with
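Review bot: `cinstFileName.toUtf8()` is called twice in the `verify_binary` call, so the pointer and the length come from two separate temporaries. Holding one copy makes the pairing explicit and avoids the second conversion: `const QByteArray cinstPath = cinstFileName.toUtf8();` followed by `verify_binary(cinstPath.constData(), cinstPath.size());`. The early `return` on `vres.result != VerifyValid` also leaves `vres.fptr` untouched; whether it can be non-NULL on a failed check depends on `bin_verify_result`, which is not shown, so this should be confirmed or closed there. The enclosing function starts and ends outside the hunk.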
@@ -116,6 +126,7 @@
QString qerrmsg = QString::fromUtf8(errmsg);
free(errmsg);
emit error(tr("Error executing process: %1").arg(qerrmsg));
+ fclose(vres.fptr);
return;
}
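Review bot: `fclose(vres.fptr)` is repeated by hand on every exit path, here and in the hunks at -127 and -144, so any return path outside these hunks, or one added later, silently leaks the handle that keeps the verified binary pinned. In C++ a scope guard declared right after the successful check would cover all paths with a single line, for example `std::unique_ptr<FILE, int (*)(FILE *)> vguard(vres.fptr, fclose);`. That needs `<memory>` and a C++11 build, which this page does not confirm. The guard would close the file at function exit rather than straight after `CloseHandle`, which only lengthens the time the file is held open. The enclosing function starts and ends outside the hunk.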
@@ -127,9 +138,11 @@
QString qerrmsg = QString::fromUtf8(errmsg);
free(errmsg);
emit error (tr("Error monitoring process: %1").arg(qerrmsg));
+ fclose(vres.fptr);
return;
} else {
emit error (tr("Certificate installation timed out."));
+ fclose(vres.fptr);
return;
}
}
@@ -144,9 +157,11 @@
free(errmsg);
emit error (tr("Failed to check process status: %1").arg(qerrmsg));
CloseHandle(shExecInfo.hProcess);
+ fclose(vres.fptr);
return;
}
CloseHandle(shExecInfo.hProcess);
+ fclose(vres.fptr);
if (retval != 0) {
/* TODO make this nicer */