Mercurial > trustbridge
changeset 1369:948f03bb5254
Add signature time extraction for Linux and test for it in binverifytest
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 24 Nov 2014 14:43:10 +0100 (2014-11-24) |
parents | 41cf49df007d |
children | 289cb3554c55 |
files | common/binverify.c ui/tests/binverifytest.cpp |
diffstat | 2 files changed, 59 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/common/binverify.c Mon Nov 24 14:04:34 2014 +0100 +++ b/common/binverify.c Mon Nov 24 14:43:10 2014 +0100 @@ -361,6 +361,57 @@ #ifndef __clang__ #pragma GCC diagnostic pop #endif +#include <stdlib.h> + +#define SIG_DT_MARKER "\r\nS_DT:" + +/** This function is only intended to be used on well formatted input + * after verifification as it makes some hard assumptions what + * follows the SIG_DT_MARKER*/ +time_t +get_signature_time (char *data, size_t data_size) +{ + char *p = NULL, + *end = NULL, + *buf = NULL; + long lSigTime = 0; + size_t len = 0; + + + /** Look for a DOS linebreak followed by an S_DT: */ + size_t marker_len = strlen(SIG_DT_MARKER); + for (p = data + data_size - 1; p > data; p--) + { + if (!memcmp(SIG_DT_MARKER, p, marker_len)) + break; + } + + if (!p || p == data) + { + ERRORPRINTF ("Failed to find signature timestamp.\n"); + return 0; + } + p = strchr (p, ':'); + end = strchr (p, '\r'); + if (!end) + { + return 0; + } + if (end - p <= 0) + { + // Should never happen but we check to ensure that + // the following cast is valid which makes a size_t + ERRORPRINTF ("Signature timestamp does not compute.\n"); + return 0; + } + len = (size_t) (end - p); + + buf = xstrndup (p + 1, len); + + lSigTime = strtol (buf, NULL, 10); + xfree (buf); + return (time_t) lSigTime; +} bin_verify_result verify_binary_linux(const char *filename, size_t name_len) @@ -464,6 +515,9 @@ retval.result = VerifyValid; retval.fptr = fptr; +/** We know know that the signature is valid we can trust the data content. */ + retval.sig_time = get_signature_time (data, data_size); + done: if (retval.result != VerifyValid) {
--- a/ui/tests/binverifytest.cpp Mon Nov 24 14:04:34 2014 +0100 +++ b/ui/tests/binverifytest.cpp Mon Nov 24 14:43:10 2014 +0100 @@ -87,12 +87,16 @@ QVERIFY (VerifyValid == res.result); QFile thefile ("fakeinst-signed" EXE_SUFFIX); #ifdef WIN32 - /* Verifies the deny write open mode. But on linuy we dont have it. */ + /* Verifies the deny write open mode. But on linux we dont have it. */ QVERIFY (!thefile.open(QIODevice::ReadWrite)); #endif QVERIFY (res.fptr != NULL); fclose(res.fptr); QVERIFY (thefile.open(QIODevice::ReadWrite)); + QVERIFY (res.sig_time != 0 && res.sig_time != -1); + QDateTime sigDt = QDateTime::fromTime_t(res.sig_time); + QVERIFY (sigDt.isValid()); + qDebug() << "Signature time: " << sigDt; thefile.close(); }