From 0a737c8c87fded05a74cad5232c9c973b3037d61 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 16 Apr 2018 00:23:05 +0200 Subject: Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering. --- src/Setup/SelfExtract.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/Setup/SelfExtract.c') diff --git a/src/Setup/SelfExtract.c b/src/Setup/SelfExtract.c index 9bae2119..7b3fb4fe 100644 --- a/src/Setup/SelfExtract.c +++ b/src/Setup/SelfExtract.c @@ -396,6 +396,15 @@ BOOL VerifyPackageIntegrity (void) GetModuleFileName (NULL, path, ARRAYSIZE (path)); +#ifdef NDEBUG + // verify Authenticode digital signature of the exe file + if (!VerifyModuleSignature (path)) + { + Error ("DIST_PACKAGE_CORRUPTED", NULL); + return FALSE; + } +#endif + fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker)); if (fileDataEndPos < 0) { -- cgit v1.2.3