# HG changeset patch # User Andre Heinecke # Date 1416591238 -3600 # Node ID 3d7ddf6984807fc31b0a9875a90044f14ba5aad1 # Parent 28885e8c891f21dad2ecf3f66d4d9b82117b12fb (issue177) Only install updates with a newer signature on windows diff -r 28885e8c891f -r 3d7ddf698480 ui/main.cpp --- a/ui/main.cpp Fri Nov 21 18:33:31 2014 +0100 +++ b/ui/main.cpp Fri Nov 21 18:33:58 2014 +0100 @@ -74,6 +74,7 @@ int main(int argc, char **argv) { + time_t signed_time = 0; #ifdef WIN32 /* First verify integrity even before calling QApplication. * We only do this on Windows as we have a PKCS#7 embedded @@ -82,7 +83,7 @@ * On GNU/Linux platforms you should use an IDS system to * monitor executable corruptions. */ - if (!selftest()) { + if (!selftest(&signed_time)) { syslog_error_printf("Integrity check failed."); MessageBoxW(NULL, L"TrustBridge wurde nach der Installation modifizert.\n" @@ -188,6 +189,12 @@ app.setFont(font); } + if (signed_time != 0 && signed_time != -1) { + QDateTime sigTime = QDateTime::fromTime_t(signed_time); + QSettings settigs; + settings.setValue("Software/currentSigDt", sigTime); + } + MainWindow mainWin(trayMode); return app.exec(); diff -r 28885e8c891f -r 3d7ddf698480 ui/mainwindow.cpp --- a/ui/mainwindow.cpp Fri Nov 21 18:33:31 2014 +0100 +++ b/ui/mainwindow.cpp Fri Nov 21 18:33:58 2014 +0100 @@ -280,10 +280,20 @@ } bin_verify_result verifyResult = verify_binary(swFileName.toUtf8().constData(), swFileName.toUtf8().size()); - qDebug() << "Binary verify result: " << verifyResult.result; - if (verifyResult.result != VerifyValid) { + QDateTime sigDt = QDateTime::fromTime_t (verifyResult.sig_time); + QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime(); + + if (verifyResult.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) { handleLTE(lteInvalidSoftware); - qDebug() << "Failed to verify downloaded data."; + if (verifyResult.result != VerifyValid) { + qDebug() << "Failed to verify downloaded data."; + } else { + qDebug() << "Software update was signed at: " << sigDt; + qDebug() << "But the installed software was signed on: " << currentSigDt; + if (verifyResult.fptr) { + fclose(verifyResult.fptr); + } + } QFile::remove(swFileName); mSettings.remove("Software/available"); mSettings.remove("Software/availableDate"); @@ -414,9 +424,23 @@ bin_verify_result vres = verify_binary(filePath.toUtf8().constData(), filePath.toUtf8().size()); - if (vres.result != VerifyValid) { + QDateTime sigDt = QDateTime::fromTime_t (vres.sig_time); + QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime(); + + if (vres.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) { handleLTE(lteInvalidSoftware); - qDebug() << "Invalid software. Not installing"; + if (vres.result != VerifyValid) { + qDebug() << "Failed to verify installer."; + } else { + qDebug() << "Software update was signed at: " << sigDt; + qDebug() << "But the installed software was signed on: " << currentSigDt; + if (vres.fptr) { + fclose(vres.fptr); + } + } + QFile::remove(filePath); + mSettings.remove("Software/available"); + mSettings.remove("Software/availableDate"); return; } handleLTE(lteInvalidSoftware, true);