From 7c142fadbcaf384243e6f4f6df4d949c072afef5 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Sat, 30 Jun 2018 22:45:15 +0100 Subject: [PATCH] [net] improve handling of invalid signatures * Also make bPromptOnError an actual parameter to the download function calls * Also prefer the use of assert() to custom assertion messages --- res/localization/ChangeLog.txt | 1 + res/localization/rufus.loc | 1 + src/dev.c | 17 ++++----- src/dos_locale.c | 9 ++--- src/drive.c | 9 +++-- src/format.c | 3 +- src/net.c | 63 +++++++++++++++++++--------------- src/rufus.c | 29 +++++++--------- src/rufus.h | 6 ++-- src/rufus.rc | 10 +++--- src/stdio.c | 2 ++ src/stdlg.c | 21 +++++++++--- 12 files changed, 93 insertions(+), 78 deletions(-) diff --git a/res/localization/ChangeLog.txt b/res/localization/ChangeLog.txt index 6b67596c..d432b8aa 100644 --- a/res/localization/ChangeLog.txt +++ b/res/localization/ChangeLog.txt @@ -17,6 +17,7 @@ For instance, MSG_114, that was introduced in v1.0.8 is MORE than one line! o Version 1.0.24 (2018.??.??) - *NEW* MSG_087 + - *NEW* MSG_172 o Version 1.0.23 (2018.03.27) - All positioning ('m', 's') has now been removed as well as some controls, for the 3.0 UI redesign diff --git a/res/localization/rufus.loc b/res/localization/rufus.loc index d772e58e..0f305765 100644 --- a/res/localization/rufus.loc +++ b/res/localization/rufus.loc @@ -387,6 +387,7 @@ t MSG_169 "Create an extra hidden partition and try to align partitions boundari "This can improve boot detection for older BIOSes" t MSG_170 "Enable the listing of USB Hard Drive enclosures. USE AT YOUR OWN RISKS!!!" t MSG_171 "Start the formatting operation.\nThis will DESTROY any data on the target!" +t MSG_172 "Invalid download signature" t MSG_173 "Click to select..." # The following will appear in the about dialog t MSG_174 "Rufus - The Reliable USB Formatting Utility" diff --git a/src/dev.c b/src/dev.c index 94eef03e..d11129a5 100644 --- a/src/dev.c +++ b/src/dev.c @@ -32,6 +32,7 @@ #include #include #include +#include #include "rufus.h" #include "missing.h" @@ -452,16 +453,12 @@ BOOL GetDevices(DWORD devnum) if (strcmp(genstor_name[s], "SD") == 0) card_start = s; } - // Overkill, but better safe than sorry. And yeah, we could have used - // arrays of arrays to avoid this, but it's more readable this way. - if ((uasp_start <= 0) || (uasp_start >= ARRAYSIZE(usbstor_name))) { - uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__); - goto out; - } - if ((card_start <= 0) || (card_start >= ARRAYSIZE(genstor_name))) { - uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__); - goto out; - } + + // Better safe than sorry. And yeah, we could have used arrays of + // arrays to avoid this, but it's more readable this way. + assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))); + assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name))); + devid_list = NULL; if (full_list_size != 0) { full_list_size += 1; // add extra NUL terminator diff --git a/src/dos_locale.c b/src/dos_locale.c index 53bad108..e524d2ab 100644 --- a/src/dos_locale.c +++ b/src/dos_locale.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "rufus.h" @@ -288,8 +289,8 @@ static const char* kb_to_hr(const char* kb) } } // Should never happen, so let's try to get some attention here - MessageBoxA(hMainDialog, "YO BNLA #1", "UHAHAHHA?", MB_OKCANCEL|MB_ICONWARNING); - return "Someone missed a keyboard!"; + assert(i < ARRAYSIZE(kb_hr_list)); + return NULL; } typedef struct { @@ -425,8 +426,8 @@ static const char* cp_to_hr(ULONG cp) } } // Should never happen, so this oughta get some attention - MessageBoxA(hMainDialog, "YO BNLA #2", "UHAHAHHA?", MB_OKCANCEL|MB_ICONWARNING); - return "Someone missed a codepage!"; + assert(i < ARRAYSIZE(cp_hr_list)); + return NULL; } // http://blogs.msdn.com/b/michkap/archive/2004/12/05/275231.aspx diff --git a/src/drive.c b/src/drive.c index 22ed314f..22a28bb3 100644 --- a/src/drive.c +++ b/src/drive.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "rufus.h" #include "missing.h" @@ -109,11 +110,9 @@ BOOL GetAutoMount(BOOL* enabled) * clear the MBR of!), so we mitigate the risk by forcing our indexes to belong to * the specific range [DRIVE_INDEX_MIN; DRIVE_INDEX_MAX]. */ -#define CheckDriveIndex(DriveIndex) do { \ - if ((DriveIndex < DRIVE_INDEX_MIN) || (DriveIndex > DRIVE_INDEX_MAX)) { \ - uprintf("ERROR: Bad index value %d. Please check the code!", DriveIndex); \ - goto out; \ - } \ +#define CheckDriveIndex(DriveIndex) do { \ + assert((DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)); \ + if ((DriveIndex < DRIVE_INDEX_MIN) || (DriveIndex > DRIVE_INDEX_MAX)) goto out; \ DriveIndex -= DRIVE_INDEX_MIN; } while (0) /* diff --git a/src/format.c b/src/format.c index fd106faf..b5bfb052 100644 --- a/src/format.c +++ b/src/format.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "rufus.h" #include "missing.h" @@ -1957,8 +1958,8 @@ DWORD WINAPI FormatThread(void* param) // All good } else if (tt == TT_UEFI) { // For once, no need to do anything - just check our sanity + assert((bt == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs <= FS_NTFS)); if ( (bt != BT_IMAGE) || !IS_EFI_BOOTABLE(img_report) || (fs > FS_NTFS) ) { - uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__); FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_INSTALL_FAILURE; goto out; } diff --git a/src/net.c b/src/net.c index d28fbf17..bd1a716b 100644 --- a/src/net.c +++ b/src/net.c @@ -45,7 +45,6 @@ #define DEFAULT_UPDATE_INTERVAL (24*3600) DWORD DownloadStatus; -BOOL PromptOnError = TRUE; extern BOOL force_update; static DWORD error_code; @@ -259,6 +258,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu PF_INIT_OR_OUT(HttpSendRequestA, WinInet); PF_INIT_OR_OUT(HttpQueryInfoA, WinInet); + FormatStatus = 0; DownloadStatus = 404; if (hProgressDialog != NULL) { // Use the progress control provided, if any @@ -270,8 +270,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu SendMessage(hProgressDialog, UM_PROGRESS_INIT, 0, 0); } - if (url == NULL) - goto out; + assert(url != NULL); short_name = (file != NULL) ? PathFindFileNameU(file) : PathFindFileNameU(url); @@ -361,6 +360,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu // Keep checking for data until there is nothing left. dwSize = 0; while (1) { + // User may have cancelled the download if (IS_ERROR(FormatStatus)) goto out; if (!pfInternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0)) @@ -388,6 +388,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_WRITE_FAULT; goto out; } else { + DownloadStatus = 200; r = TRUE; uprintf("Successfully downloaded '%s'", short_name); if (hProgressDialog != NULL) { @@ -397,23 +398,13 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu } out: - if (hProgressDialog != NULL) - SendMessage(hProgressDialog, UM_PROGRESS_EXIT, (WPARAM)r, 0); if (hFile != INVALID_HANDLE_VALUE) { // Force a flush - May help with the PKI API trying to process downloaded updates too early... FlushFileBuffers(hFile); CloseHandle(hFile); } - if (!r) { - if (file != NULL) - _unlinkU(file); - if (PromptOnError) { - PrintInfo(0, MSG_242); - SetLastError(error_code); - MessageBoxExU(hMainDialog, IS_ERROR(FormatStatus)?StrError(FormatStatus, FALSE):WinInetErrorString(), - lmprintf(MSG_044), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid); - } - } + if ((!r) && (file != NULL)) + _unlinkU(file); if (hRequest) pfInternetCloseHandle(hRequest); if (hConnection) @@ -421,11 +412,11 @@ out: if (hSession) pfInternetCloseHandle(hSession); - return r?dwSize:0; + return r ? dwSize : 0; } // Download and validate a signed file. The file must have a corresponding '.sig' on the server. -DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog) +DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError) { char* url_sig = NULL; BYTE *buf = NULL, *sig = NULL; @@ -433,8 +424,7 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog DWORD ret = 0; HANDLE hFile = INVALID_HANDLE_VALUE; - if (url == NULL) - goto out; + assert(url != NULL); url_sig = malloc(strlen(url) + 5); if (url_sig == NULL) { @@ -451,6 +441,7 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog if ((sig_len != RSA_SIGNATURE_SIZE) || (!ValidateOpensslSignature(buf, buf_len, sig, sig_len))) { uprintf("FATAL: Server signature is invalid!"); DownloadStatus = 403; // Forbidden + FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_BAD_SIGNATURE); goto out; } @@ -473,6 +464,14 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog DownloadStatus = 200; // Full content out: + if (hProgressDialog != NULL) + SendMessage(hProgressDialog, UM_PROGRESS_EXIT, (WPARAM)ret, 0); + if ((bPromptOnError) && (DownloadStatus != 200)) { + PrintInfo(0, MSG_242); + SetLastError(error_code); + MessageBoxExU(hMainDialog, IS_ERROR(FormatStatus) ? StrError(FormatStatus, FALSE) : WinInetErrorString(), + lmprintf(MSG_044), MB_OK | MB_ICONERROR | MB_IS_RTL, selected_langid); + } safe_closehandle(hFile); free(url_sig); free(buf); @@ -481,19 +480,27 @@ out: } /* Threaded download */ -static const char *_url, *_file; -static HWND _hProgressDialog; -static DWORD WINAPI _DownloadSignedFileThread(LPVOID param) +typedef struct { + const char* url; + const char* file; + HWND hProgressDialog; + BOOL bPromptOnError; +} DownloadSignedFileThreadArgs; + +static DWORD WINAPI DownloadSignedFileThread(LPVOID param) { - ExitThread(DownloadSignedFile(_url, _file, _hProgressDialog) != 0); + DownloadSignedFileThreadArgs* args = (DownloadSignedFileThreadArgs*)param; + ExitThread(DownloadSignedFile(args->url, args->file, args->hProgressDialog, args->bPromptOnError)); } -HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog) +HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError) { - _url = url; - _file = file; - _hProgressDialog = hProgressDialog; - return CreateThread(NULL, 0, _DownloadSignedFileThread, NULL, 0, NULL); + static DownloadSignedFileThreadArgs args; + args.url = url; + args.file = file; + args.hProgressDialog = hProgressDialog; + args.bPromptOnError = bPromptOnError; + return CreateThread(NULL, 0, DownloadSignedFileThread, &args, 0, NULL); } static __inline uint64_t to_uint64_t(uint16_t x[4]) { diff --git a/src/rufus.c b/src/rufus.c index a0f62e22..cb91466f 100644 --- a/src/rufus.c +++ b/src/rufus.c @@ -35,6 +35,7 @@ #include #include #include +#include #include "rufus.h" #include "missing.h" @@ -1459,11 +1460,9 @@ static BOOL BootCheck(void) safe_free(grub2_buf); if (bt == BT_IMAGE) { // We should never be there - if (image_path == NULL) { - uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__); - MessageBoxExU(hMainDialog, "image_path is NULL. Please report this error to the author of this application", "Logic error", MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid); + assert(image_path != NULL); + if (image_path == NULL) return FALSE; - } if ((size_check) && (img_report.projected_size > (uint64_t)SelectedDrive.DiskSize)) { // This ISO image is too big for the selected target MessageBoxExU(hMainDialog, lmprintf(MSG_089), lmprintf(MSG_088), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid); @@ -1566,9 +1565,7 @@ static BOOL BootCheck(void) IGNORE_RETVAL(_mkdir(tmp)); IGNORE_RETVAL(_chdir(tmp)); static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, img_report.grub2_version, core_img); - PromptOnError = FALSE; - grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog); - PromptOnError = TRUE; + grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog, FALSE); if ((grub2_len == 0) && (DownloadStatus == 404)) { // Couldn't locate the file on the server => try to download without the version extra uprintf("Extended version was not found, trying main version..."); @@ -1577,9 +1574,7 @@ static BOOL BootCheck(void) for (i = 0; ((tmp2[i] >= '0') && (tmp2[i] <= '9')) || (tmp2[i] == '.'); i++); tmp2[i] = 0; static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, tmp2, core_img); - PromptOnError = FALSE; - grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog); - PromptOnError = TRUE; + grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog, FALSE); static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, img_report.grub2_version, core_img); } if (grub2_len <= 0) { @@ -1624,7 +1619,7 @@ static BOOL BootCheck(void) static_sprintf(tmp, "%s-%s", syslinux, embedded_sl_version_str[0]); IGNORE_RETVAL(_mkdir(tmp)); static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, syslinux, embedded_sl_version_str[0], old_c32_name[i]); - len = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog); + len = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE); if (len == 0) { uprintf("Could not download file - cancelling"); return FALSE; @@ -1671,15 +1666,15 @@ static BOOL BootCheck(void) } static_sprintf(tmp, "%s/%s-%s%s/%s.%s", FILES_URL, syslinux, img_report.sl_version_str, img_report.sl_version_ext, ldlinux, ldlinux_ext[i]); - PromptOnError = (*img_report.sl_version_ext == 0); - syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog); - PromptOnError = TRUE; + syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], + hMainDialog, (*img_report.sl_version_ext == 0)); if ((syslinux_ldlinux_len[i] == 0) && (DownloadStatus == 404) && (*img_report.sl_version_ext != 0)) { // Couldn't locate the file on the server => try to download without the version extra uprintf("Extended version was not found, trying main version..."); static_sprintf(tmp, "%s/%s-%s/%s.%s", FILES_URL, syslinux, img_report.sl_version_str, ldlinux, ldlinux_ext[i]); - syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog); + syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], + hMainDialog, (*img_report.sl_version_ext == 0)); if (syslinux_ldlinux_len[i] != 0) { // Duplicate the file so that the user won't be prompted to download again static_sprintf(tmp, "%s-%s\\%s.%s", syslinux, img_report.sl_version_str, ldlinux, ldlinux_ext[i]); @@ -1722,7 +1717,7 @@ static BOOL BootCheck(void) static_sprintf(tmp, "%s-%s", syslinux, embedded_sl_version_str[1]); IGNORE_RETVAL(_mkdir(tmp)); static_sprintf(tmp, "%s/%s-%s/%s.%s", FILES_URL, syslinux, embedded_sl_version_str[1], ldlinux, ldlinux_ext[2]); - if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog) == 0) + if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE) == 0) return FALSE; } } @@ -1752,7 +1747,7 @@ static BOOL BootCheck(void) static_sprintf(tmp, "grub4dos-%s", GRUB4DOS_VERSION); IGNORE_RETVAL(_mkdir(tmp)); static_sprintf(tmp, "%s/grub4dos-%s/grldr", FILES_URL, GRUB4DOS_VERSION); - if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog) == 0) + if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE) == 0) return FALSE; } } diff --git a/src/rufus.h b/src/rufus.h index 3a2bb7c0..5c01109d 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -400,7 +400,6 @@ extern float fScale; extern char szFolderPath[MAX_PATH], app_dir[MAX_PATH], temp_dir[MAX_PATH], system_dir[MAX_PATH], sysnative_dir[MAX_PATH]; extern char* image_path; extern DWORD FormatStatus, DownloadStatus, MainThreadId; -extern BOOL PromptOnError; extern unsigned long syslinux_ldlinux_len[2]; extern const int nb_steps[FS_MAX]; extern BOOL use_own_c32[NB_OLD_C32], detect_fakes, iso_op_in_progress, format_op_in_progress, right_to_left_mode; @@ -476,8 +475,8 @@ extern BOOL ResetDevice(int index); extern BOOL GetOpticalMedia(IMG_SAVE* img_save); extern BOOL SetLGP(BOOL bRestore, BOOL* bExistingKey, const char* szPath, const char* szPolicy, DWORD dwValue); extern LONG GetEntryWidth(HWND hDropDown, const char* entry); -extern DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog); -extern HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog); +extern DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog, BOOL PromptOnError); +extern HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError); extern INT_PTR CALLBACK UpdateCallback(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam); extern BOOL SetUpdateCheck(void); extern BOOL CheckForUpdates(BOOL force); @@ -614,3 +613,4 @@ static __inline HMODULE GetLibraryHandle(char* szLibraryName) { #define ERROR_CANT_PATCH 0x120A #define ERROR_CANT_ASSIGN_LETTER 0x120B #define ERROR_CANT_MOUNT_VOLUME 0x120C +#define ERROR_BAD_SIGNATURE 0x120D diff --git a/src/rufus.rc b/src/rufus.rc index 4c424577..e86b1899 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 3.2.1325" +CAPTION "Rufus 3.2.1326" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -389,8 +389,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,2,1325,0 - PRODUCTVERSION 3,2,1325,0 + FILEVERSION 3,2,1326,0 + PRODUCTVERSION 3,2,1326,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -407,13 +407,13 @@ BEGIN BEGIN VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "3.2.1325" + VALUE "FileVersion", "3.2.1326" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2018 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html" VALUE "OriginalFilename", "rufus.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "3.2.1325" + VALUE "ProductVersion", "3.2.1326" END END BLOCK "VarFileInfo" diff --git a/src/stdio.c b/src/stdio.c index 1fc4116d..4353d6a4 100644 --- a/src/stdio.c +++ b/src/stdio.c @@ -315,6 +315,8 @@ const char* _StrError(DWORD error_code) return lmprintf(MSG_078); case ERROR_NOT_READY: return lmprintf(MSG_079); + case ERROR_BAD_SIGNATURE: + return lmprintf(MSG_172); default: SetLastError(error_code); return WindowsErrorString(); diff --git a/src/stdlg.c b/src/stdlg.c index 2f1a0c86..6032f1f2 100644 --- a/src/stdlg.c +++ b/src/stdlg.c @@ -1558,8 +1558,9 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR static char* filepath = NULL; static int download_status = 0; static HFONT hyperlink_font = NULL; - LONG i; + static HANDLE hThread = NULL; HWND hNotes; + DWORD exit_code; STARTUPINFOA si; PROCESS_INFORMATION pi; EXT_DECL(dl_ext, NULL, __VA_GROUP__("*.exe"), __VA_GROUP__(lmprintf(MSG_037))); @@ -1614,8 +1615,16 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR case 1: // Abort FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_CANCELLED; download_status = 0; + hThread = NULL; break; case 2: // Launch newer version and close this one + if ((hThread == NULL) || (!GetExitCodeThread(hThread, &exit_code)) || (exit_code == 0)) { + hThread = NULL; + EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), FALSE); + break; + } + + hThread = NULL; Sleep(1000); // Add a delay on account of antivirus scanners if (ValidateSignature(hDlg, filepath) != NO_ERROR) { @@ -1642,8 +1651,7 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR uprintf("Could not get download URL"); break; } - for (i=(int)strlen(update.download_url); (i>0)&&(update.download_url[i]!='/'); i--); - dl_ext.filename = &update.download_url[i+1]; + dl_ext.filename = PathFindFileNameU(update.download_url); filepath = FileDialog(TRUE, app_dir, &dl_ext, OFN_NOCHANGEDIR); if (filepath == NULL) { uprintf("Could not get save path"); @@ -1651,7 +1659,7 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR } // Opening the File Dialog will make us lose tabbing focus - set it back SendMessage(hDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hDlg, IDC_DOWNLOAD), TRUE); - DownloadSignedFileThreaded(update.download_url, filepath, hDlg); + hThread = DownloadSignedFileThreaded(update.download_url, filepath, hDlg, TRUE); break; } return (INT_PTR)TRUE; @@ -1665,11 +1673,14 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR return (INT_PTR)TRUE; case UM_PROGRESS_EXIT: EnableWindow(GetDlgItem(hDlg, IDCANCEL), TRUE); - if (wParam) { + if (wParam != 0) { SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_039)); download_status = 2; } else { SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_040)); + // Disable the download button if we found an invalid signature + EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), + FormatStatus != (ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_BAD_SIGNATURE))); download_status = 0; } return (INT_PTR)TRUE;