Mercurial > trustbridge > trustbridge
diff cinst/nssstore_win.c @ 1084:b8fb6bf7f980
(issue118) Add signature check for cinst.exe and mozilla.exe
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 11 Sep 2014 15:17:39 +0200 |
| parents | f110a3f6e387 |
| children | fd85a02d771d |
line wrap: on
line diff
--- a/cinst/nssstore_win.c Thu Sep 11 15:24:02 2014 +0200 +++ b/cinst/nssstore_win.c Thu Sep 11 15:17:39 2014 +0200 @@ -51,6 +51,7 @@ #include "logging.h" #include "util.h" #include "strhelp.h" +#include "binverify.h" #ifndef APPNAME #define APPNAME L"cinst" @@ -693,6 +694,7 @@ char *install_dir = get_install_dir(); wchar_t *w_inst_dir; size_t w_path_len = 0; + bin_verify_result v_res; if (!selection_file) { @@ -747,6 +749,22 @@ return false; } + /* Verify the binary */ + { + char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath)); + v_res = verify_binary (utf8_name, strlen(utf8_name)); + xfree(utf8_name); + } + + if (v_res.result != VerifyValid) + { + ERRORPRINTF ("Failed to verify the NSS installer.\n"); + syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n"); + xfree (lpApplicationPath); + xfree (lpCommandLine); + return false; + } + DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine); success = CreateProcessAsUserW (hToken, @@ -760,6 +778,7 @@ NULL, /* Current working directory */ &siStartInfo, &piProcInfo); + fclose (v_res.fptr); xfree (lpApplicationPath); xfree (lpCommandLine); if (!success)