Bug 709173 - updater.exe needs to be verified to be an updater, not just an executable signed by Mozilla. r=rstrong.

This commit is contained in:
Brian R. Bondy 2012-01-04 23:19:16 -05:00
parent 8222b67c24
commit 23424a0f1a
5 changed files with 62 additions and 2 deletions

View File

@ -45,3 +45,11 @@ BOOL VerifySameFiles(LPCWSTR file1Path, LPCWSTR file2Path, BOOL &sameContent);
// The bigger the better for speed, but this will be used
// on the stack so I don't want it to be too big.
#define COMPARE_BLOCKSIZE 32768
// The following string resource value is used to uniquely identify the signed
// Mozilla application as an updater. Before the maintenance service will
// execute the updater it must have this updater identity string in its string
// table. No other signed Mozilla product will have this string table value.
#define UPDATER_IDENTITY_STRING \
"moz-updater.exe-4cdccec4-5ee0-4a06-9817-4cd899a9db49"
#define IDS_UPDATER_IDENTITY 1006

View File

@ -72,6 +72,7 @@ const int SERVICE_UPDATER_COULD_NOT_BE_STARTED = 16000;
const int SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS = 16001;
const int SERVICE_UPDATER_SIGN_ERROR = 16002;
const int SERVICE_UPDATER_COMPARE_ERROR = 16003;
const int SERVICE_UPDATER_IDENTITY_ERROR = 16004;
/**
* Runs an update process as the service using the SYSTEM account.
@ -378,6 +379,42 @@ ProcessWorkItem(LPCWSTR monitoringBasePath,
return TRUE;
}
// Check to make sure the udpater.exe module has the unique updater identity.
// This is a security measure to make sure that the signed executable that
// we will run is actually an updater.
HMODULE updaterModule = LoadLibrary(updaterPath);
if (!updaterModule) {
LOG(("updater.exe module could not be loaded. (%d)\n", GetLastError()));
result = FALSE;
} else {
char updaterIdentity[64];
if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY,
updaterIdentity, sizeof(updaterIdentity))) {
LOG(("The updater.exe application does not contain the Mozilla"
" updater identity.\n"));
result = FALSE;
}
if (strcmp(updaterIdentity, UPDATER_IDENTITY_STRING)) {
LOG(("The updater.exe identity string is not valid.\n"));
result = FALSE;
}
FreeLibrary(updaterModule);
}
if (result) {
LOG(("The updater.exe application contains the Mozilla"
" updater identity.\n"));
} else {
SetEvent(serviceRunningEvent);
if (argcTmp < 2 ||
!WriteStatusFailure(argvTmp[1],
SERVICE_UPDATER_IDENTITY_ERROR)) {
LOG(("Could not write update.status no updater identity.\n"));
}
return TRUE;
}
// Check for updater.exe sign problems
BOOL updaterSignProblem = FALSE;
#ifndef DISABLE_UPDATER_AUTHENTICODE_CHECK

View File

@ -147,6 +147,7 @@ const SERVICE_UPDATER_COULD_NOT_BE_STARTED = 16000;
const SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS = 16001;
const SERVICE_UPDATER_SIGN_ERROR = 16002;
const SERVICE_UPDATER_COMPARE_ERROR = 16003;
const SERVICE_UPDATER_IDENTITY_ERROR = 16004;
const CERT_ATTR_CHECK_FAILED_NO_UPDATE = 100;
const CERT_ATTR_CHECK_FAILED_HAS_UPDATE = 101;
@ -1437,7 +1438,8 @@ UpdateService.prototype = {
if (update.errorCode == SERVICE_UPDATER_COULD_NOT_BE_STARTED ||
update.errorCode == SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS ||
update.errorCode == SERVICE_UPDATER_SIGN_ERROR ||
update.errorCode == SERVICE_UPDATER_COMPARE_ERROR) {
update.errorCode == SERVICE_UPDATER_COMPARE_ERROR ||
update.errorCode == SERVICE_UPDATER_IDENTITY_ERROR) {
var failCount = getPref("getIntPref",
PREF_APP_UPDATE_SERVICE_ERRORS, 0);
var maxFail = getPref("getIntPref",

View File

@ -6,6 +6,7 @@
#define IDC_PROGRESS 1000
#define IDC_INFO 1002
#define IDI_DIALOG 1003
#define IDS_UPDATER_IDENTITY 1006
// Next default values for new objects
//
@ -13,7 +14,7 @@
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1003
#define _APS_NEXT_CONTROL_VALUE 1007
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

View File

@ -35,6 +35,18 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
IDI_DIALOG ICON "updater.ico"
/////////////////////////////////////////////////////////////////////////////
//
// Embedded an identifier to uniquely identiy this as a Mozilla updater.
//
STRINGTABLE
{
IDS_UPDATER_IDENTITY, "moz-updater.exe-4cdccec4-5ee0-4a06-9817-4cd899a9db49"
}
/////////////////////////////////////////////////////////////////////////////
//
// Dialog