Mercurial > trustbridge

diff cinst/nssstore_win.c @ 1084:b8fb6bf7f980

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue118) Add signature check for cinst.exe and mozilla.exe
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 11 Sep 2014 15:17:39 +0200
parents f110a3f6e387
children fd85a02d771d
line wrap: on
line diff
--- a/cinst/nssstore_win.c	Thu Sep 11 15:24:02 2014 +0200
+++ b/cinst/nssstore_win.c	Thu Sep 11 15:17:39 2014 +0200
@@ -51,6 +51,7 @@
 #include "logging.h"
 #include "util.h"
 #include "strhelp.h"
+#include "binverify.h"
 
 #ifndef APPNAME
 #define APPNAME L"cinst"
@@ -693,6 +694,7 @@
   char *install_dir = get_install_dir();
   wchar_t *w_inst_dir;
   size_t w_path_len = 0;
+  bin_verify_result v_res;
 
   if (!selection_file)
     {
@@ -747,6 +749,22 @@
       return false;
     }
 
+  /* Verify the binary */
+    {
+      char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath));
+      v_res = verify_binary (utf8_name, strlen(utf8_name));
+      xfree(utf8_name);
+    }
+
+  if (v_res.result != VerifyValid)
+    {
+      ERRORPRINTF ("Failed to verify the NSS installer.\n");
+      syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n");
+      xfree (lpApplicationPath);
+      xfree (lpCommandLine);
+      return false;
+    }
+
   DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
 
   success = CreateProcessAsUserW (hToken,
@@ -760,6 +778,7 @@
                                   NULL, /* Current working directory */
                                   &siStartInfo,
                                   &piProcInfo);
+  fclose (v_res.fptr);
   xfree (lpApplicationPath);
   xfree (lpCommandLine);
   if (!success)
http://wald.intevation.org/projects/trustbridge/