[vlc-devel] commit: check if the binary signature was issued by the public key we got in memory , before real cryptographic verification ( Rafaël Carré )
git version control
git at videolan.org
Mon Mar 10 00:14:20 CET 2008
vlc | branch: master | Rafaël Carré <funman at videolan.org> | Sun Mar 9 21:55:27 2008 +0100| [6cd26fbcc7f7f35f4efa8438f2a064c982574358]
check if the binary signature was issued by the public key we got in memory, before real cryptographic verification
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6cd26fbcc7f7f35f4efa8438f2a064c982574358
---
src/misc/update.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/src/misc/update.c b/src/misc/update.c
index c8d9482..d7c9d50 100644
--- a/src/misc/update.c
+++ b/src/misc/update.c
@@ -1368,6 +1368,18 @@ void update_DownloadReal( update_download_thread_t *p_udt )
goto end;
}
+ if( memcmp( sign.issuer_longid, p_update->p_pkey->longid, 8 ) )
+ {
+ utf8_unlink( psz_destfile );
+ msg_Err( p_udt, "Invalid signature issuer" );
+ intf_UserFatal( p_udt, VLC_TRUE, _("Invalid signature"),
+ _("The cryptographic signature for downloaded file \"%s\" was "
+ "invalid and couldn't be used to securely verify it, and so "
+ "VLC deleted it."),
+ psz_destfile );
+ goto end;
+ }
+
if( sign.type != BINARY_SIGNATURE )
{
utf8_unlink( psz_destfile );
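Review bot: The added `memcmp( sign.issuer_longid, p_update->p_pkey->longid, 8 )` compares only the 64-bit long key id read from the downloaded signature, which identifies a key but does not by itself prove who signed, so it can serve as an early reject and nothing more. A comment above the check should say so, for example `/* cheap pre-check on the issuer id only; the signature is still verified cryptographically below */`, so that a later edit does not treat a match as sufficient or drop the real verification. The literal `8` would be safer as `sizeof( sign.issuer_longid )`, assuming that field is an array. `p_update->p_pkey` is dereferenced with no NULL check visible here; update_DownloadReal starts and continues outside this hunk, so confirm the key is always loaded before this point.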