[net] improve handling of invalid signatures

* Also make bPromptOnError an actual parameter to the download function calls * Also prefer the use of assert() to custom assertion messages
2025-05-17 08:34:27 -04:00 · 2018-06-30 22:45:15 +01:00 · 2018-06-30 22:45:15 +01:00 · 7c142fadbc
commit 7c142fadbc
parent fdfc9ff82d
12 changed files with 93 additions and 78 deletions
--- a/res/localization/ChangeLog.txt
+++ b/res/localization/ChangeLog.txt
@ -17,6 +17,7 @@ For instance, MSG_114, that was introduced in v1.0.8 is MORE than one line!
 o Version 1.0.24 (2018.??.??)
  - *NEW*      MSG_087
  - *NEW*      MSG_172
 o Version 1.0.23 (2018.03.27)
  - All positioning ('m', 's') has now been removed as well as some controls, for the 3.0 UI redesign
--- a/res/localization/rufus.loc
+++ b/res/localization/rufus.loc
@ -387,6 +387,7 @@ t MSG_169 "Create an extra hidden partition and try to align partitions boundari
 	"This can improve boot detection for older BIOSes"
 t MSG_170 "Enable the listing of USB Hard Drive enclosures. USE AT YOUR OWN RISKS!!!"
 t MSG_171 "Start the formatting operation.\nThis will DESTROY any data on the target!"
 t MSG_172 "Invalid download signature"
 t MSG_173 "Click to select..."
 # The following will appear in the about dialog
 t MSG_174 "Rufus - The Reliable USB Formatting Utility"
--- a/src/dev.c
+++ b/src/dev.c
@ -32,6 +32,7 @@
 #include <inttypes.h>
 #include <commctrl.h>
 #include <setupapi.h>
 #include <assert.h>
 #include "rufus.h"
 #include "missing.h"
@ -452,16 +453,12 @@ BOOL GetDevices(DWORD devnum)
 		if (strcmp(genstor_name[s], "SD") == 0)
 			card_start = s;
 	}
-	// Overkill, but better safe than sorry. And yeah, we could have used
+
-	// arrays of arrays to avoid this, but it's more readable this way.
+	// Better safe than sorry. And yeah, we could have used arrays of
-	if ((uasp_start <= 0) || (uasp_start >= ARRAYSIZE(usbstor_name))) {
+	// arrays to avoid this, but it's more readable this way.
-		uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__);
+	assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name)));
-		goto out;
+	assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name)));
-	}
+
 	if ((card_start <= 0) || (card_start >= ARRAYSIZE(genstor_name))) {
 		uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__);
 		goto out;
 	}
 	devid_list = NULL;
 	if (full_list_size != 0) {
 		full_list_size += 1;	// add extra NUL terminator
--- a/src/dos_locale.c
+++ b/src/dos_locale.c
@ -26,6 +26,7 @@
 #include <windows.h>
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
 #include "rufus.h"
@ -288,8 +289,8 @@ static const char* kb_to_hr(const char* kb)
 		}
 	}
 	// Should never happen, so let's try to get some attention here
-	MessageBoxA(hMainDialog, "YO BNLA #1", "UHAHAHHA?", MB_OKCANCEL|MB_ICONWARNING);
+	assert(i < ARRAYSIZE(kb_hr_list));
-	return "Someone missed a keyboard!";
+	return NULL;
 }
 typedef struct {
@ -425,8 +426,8 @@ static const char* cp_to_hr(ULONG cp)
 		}
 	}
 	// Should never happen, so this oughta get some attention
-	MessageBoxA(hMainDialog, "YO BNLA #2", "UHAHAHHA?", MB_OKCANCEL|MB_ICONWARNING);
+	assert(i < ARRAYSIZE(cp_hr_list));
-	return "Someone missed a codepage!";
+	return NULL;
 }
 // http://blogs.msdn.com/b/michkap/archive/2004/12/05/275231.aspx
--- a/src/drive.c
+++ b/src/drive.c
@ -25,6 +25,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
 #include <assert.h>
 #include "rufus.h"
 #include "missing.h"
@ -109,11 +110,9 @@ BOOL GetAutoMount(BOOL* enabled)
 * clear the MBR of!), so we mitigate the risk by forcing our indexes to belong to
 * the specific range [DRIVE_INDEX_MIN; DRIVE_INDEX_MAX].
 */
-#define CheckDriveIndex(DriveIndex) do { \
+#define CheckDriveIndex(DriveIndex) do {                                            \
-	if ((DriveIndex < DRIVE_INDEX_MIN) || (DriveIndex > DRIVE_INDEX_MAX)) { \
+	assert((DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX));     \
-		uprintf("ERROR: Bad index value %d. Please check the code!", DriveIndex); \
+	if ((DriveIndex < DRIVE_INDEX_MIN) || (DriveIndex > DRIVE_INDEX_MAX)) goto out; \
 		goto out; \
 	} \
 	DriveIndex -= DRIVE_INDEX_MIN; } while (0)
 /*
--- a/src/format.c
+++ b/src/format.c
@ -31,6 +31,7 @@
 #include <stddef.h>
 #include <ctype.h>
 #include <locale.h>
 #include <assert.h>
 #include "rufus.h"
 #include "missing.h"
@ -1957,8 +1958,8 @@ DWORD WINAPI FormatThread(void* param)
 			// All good
 		} else if (tt == TT_UEFI) {
 			// For once, no need to do anything - just check our sanity
 			assert((bt == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs <= FS_NTFS));
 			if ( (bt != BT_IMAGE) || !IS_EFI_BOOTABLE(img_report) || (fs > FS_NTFS) ) {
 				uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__);
 				FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_INSTALL_FAILURE;
 				goto out;
 			}
--- a/src/net.c
+++ b/src/net.c
@ -45,7 +45,6 @@
 #define DEFAULT_UPDATE_INTERVAL (24*3600)
 DWORD DownloadStatus;
 BOOL PromptOnError = TRUE;
 extern BOOL force_update;
 static DWORD error_code;
@ -259,6 +258,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu
 	PF_INIT_OR_OUT(HttpSendRequestA, WinInet);
 	PF_INIT_OR_OUT(HttpQueryInfoA, WinInet);
 	FormatStatus = 0;
 	DownloadStatus = 404;
 	if (hProgressDialog != NULL) {
 		// Use the progress control provided, if any
@ -270,8 +270,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu
 		SendMessage(hProgressDialog, UM_PROGRESS_INIT, 0, 0);
 	}
-	if (url == NULL)
+	assert(url != NULL);
 		goto out;
 	short_name = (file != NULL) ? PathFindFileNameU(file) : PathFindFileNameU(url);
@ -361,6 +360,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu
 	// Keep checking for data until there is nothing left.
 	dwSize = 0;
 	while (1) {
 		// User may have cancelled the download
 		if (IS_ERROR(FormatStatus))
 			goto out;
 		if (!pfInternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0))
@ -388,6 +388,7 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu
 		FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_WRITE_FAULT;
 		goto out;
 	} else {
 		DownloadStatus = 200;
 		r = TRUE;
 		uprintf("Successfully downloaded '%s'", short_name);
 		if (hProgressDialog != NULL) {
@ -397,23 +398,13 @@ static DWORD DownloadToFileOrBuffer(const char* url, const char* file, BYTE** bu
 	}
 out:
 	if (hProgressDialog != NULL)
 		SendMessage(hProgressDialog, UM_PROGRESS_EXIT, (WPARAM)r, 0);
 	if (hFile != INVALID_HANDLE_VALUE) {
 		// Force a flush - May help with the PKI API trying to process downloaded updates too early...
 		FlushFileBuffers(hFile);
 		CloseHandle(hFile);
 	}
-	if (!r) {
+	if ((!r) && (file != NULL))
-		if (file != NULL)
+		_unlinkU(file);
 			_unlinkU(file);
 		if (PromptOnError) {
 			PrintInfo(0, MSG_242);
 			SetLastError(error_code);
 			MessageBoxExU(hMainDialog, IS_ERROR(FormatStatus)?StrError(FormatStatus, FALSE):WinInetErrorString(),
 			lmprintf(MSG_044), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid);
 		}
 	}
 	if (hRequest)
 		pfInternetCloseHandle(hRequest);
 	if (hConnection)
@ -421,11 +412,11 @@ out:
 	if (hSession)
 		pfInternetCloseHandle(hSession);
-	return r?dwSize:0;
+	return r ? dwSize : 0;
 }
 // Download and validate a signed file. The file must have a corresponding '.sig' on the server.
-DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog)
+DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError)
 {
 	char* url_sig = NULL;
 	BYTE *buf = NULL, *sig = NULL;
@ -433,8 +424,7 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog
 	DWORD ret = 0;
 	HANDLE hFile = INVALID_HANDLE_VALUE;
-	if (url == NULL)
+	assert(url != NULL);
 		goto out;
 	url_sig = malloc(strlen(url) + 5);
 	if (url_sig == NULL) {
@ -451,6 +441,7 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog
 	if ((sig_len != RSA_SIGNATURE_SIZE) || (!ValidateOpensslSignature(buf, buf_len, sig, sig_len))) {
 		uprintf("FATAL: Server signature is invalid!");
 		DownloadStatus = 403;	// Forbidden
 		FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_BAD_SIGNATURE);
 		goto out;
 	}
@ -473,6 +464,14 @@ DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog
 	DownloadStatus = 200;	// Full content
 out:
 	if (hProgressDialog != NULL)
 		SendMessage(hProgressDialog, UM_PROGRESS_EXIT, (WPARAM)ret, 0);
 	if ((bPromptOnError) && (DownloadStatus != 200)) {
 		PrintInfo(0, MSG_242);
 		SetLastError(error_code);
 		MessageBoxExU(hMainDialog, IS_ERROR(FormatStatus) ? StrError(FormatStatus, FALSE) : WinInetErrorString(),
 			lmprintf(MSG_044), MB_OK | MB_ICONERROR | MB_IS_RTL, selected_langid);
 	}
 	safe_closehandle(hFile);
 	free(url_sig);
 	free(buf);
@ -481,19 +480,27 @@ out:
 }
 /* Threaded download */
-static const char *_url, *_file;
+typedef struct {
-static HWND _hProgressDialog;
+	const char* url;
-static DWORD WINAPI _DownloadSignedFileThread(LPVOID param)
+	const char* file;
 	HWND hProgressDialog;
 	BOOL bPromptOnError;
 } DownloadSignedFileThreadArgs;
 static DWORD WINAPI DownloadSignedFileThread(LPVOID param)
 {
-	ExitThread(DownloadSignedFile(_url, _file, _hProgressDialog) != 0);
+	DownloadSignedFileThreadArgs* args = (DownloadSignedFileThreadArgs*)param;
 	ExitThread(DownloadSignedFile(args->url, args->file, args->hProgressDialog, args->bPromptOnError));
 }
-HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog)
+HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError)
 {
-	_url = url;
+	static DownloadSignedFileThreadArgs args;
-	_file = file;
+	args.url = url;
-	_hProgressDialog = hProgressDialog;
+	args.file = file;
-	return CreateThread(NULL, 0, _DownloadSignedFileThread, NULL, 0, NULL);
+	args.hProgressDialog = hProgressDialog;
 	args.bPromptOnError = bPromptOnError;
 	return CreateThread(NULL, 0, DownloadSignedFileThread, &args, 0, NULL);
 }
 static __inline uint64_t to_uint64_t(uint16_t x[4]) {
--- a/src/rufus.c
+++ b/src/rufus.c
@ -35,6 +35,7 @@
 #include <dbt.h>
 #include <io.h>
 #include <getopt.h>
 #include <assert.h>
 #include "rufus.h"
 #include "missing.h"
@ -1459,11 +1460,9 @@ static BOOL BootCheck(void)
 	safe_free(grub2_buf);
 	if (bt == BT_IMAGE) {
 		// We should never be there
-		if (image_path == NULL) {
+		assert(image_path != NULL);
-			uprintf("Spock gone crazy error in %s:%d", __FILE__, __LINE__);
+		if (image_path == NULL)
 			MessageBoxExU(hMainDialog, "image_path is NULL. Please report this error to the author of this application", "Logic error", MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid);
 			return FALSE;
 		}
 		if ((size_check) && (img_report.projected_size > (uint64_t)SelectedDrive.DiskSize)) {
 			// This ISO image is too big for the selected target
 			MessageBoxExU(hMainDialog, lmprintf(MSG_089), lmprintf(MSG_088), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid);
@ -1566,9 +1565,7 @@ static BOOL BootCheck(void)
 					IGNORE_RETVAL(_mkdir(tmp));
 					IGNORE_RETVAL(_chdir(tmp));
 					static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, img_report.grub2_version, core_img);
-					PromptOnError = FALSE;
+					grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog, FALSE);
 					grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog);
 					PromptOnError = TRUE;
 					if ((grub2_len == 0) && (DownloadStatus == 404)) {
 						// Couldn't locate the file on the server => try to download without the version extra
 						uprintf("Extended version was not found, trying main version...");
@ -1577,9 +1574,7 @@ static BOOL BootCheck(void)
 						for (i = 0; ((tmp2[i] >= '0') && (tmp2[i] <= '9')) || (tmp2[i] == '.'); i++);
 						tmp2[i] = 0;
 						static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, tmp2, core_img);
-						PromptOnError = FALSE;
+						grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog, FALSE);
 						grub2_len = (long)DownloadSignedFile(tmp, core_img, hMainDialog);
 						PromptOnError = TRUE;
 						static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, grub, img_report.grub2_version, core_img);
 					}
 					if (grub2_len <= 0) {
@ -1624,7 +1619,7 @@ static BOOL BootCheck(void)
 								static_sprintf(tmp, "%s-%s", syslinux, embedded_sl_version_str[0]);
 								IGNORE_RETVAL(_mkdir(tmp));
 								static_sprintf(tmp, "%s/%s-%s/%s", FILES_URL, syslinux, embedded_sl_version_str[0], old_c32_name[i]);
-								len = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog);
+								len = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE);
 								if (len == 0) {
 									uprintf("Could not download file - cancelling");
 									return FALSE;
@ -1671,15 +1666,15 @@ static BOOL BootCheck(void)
 						}
 						static_sprintf(tmp, "%s/%s-%s%s/%s.%s", FILES_URL, syslinux, img_report.sl_version_str,
 							img_report.sl_version_ext, ldlinux, ldlinux_ext[i]);
-						PromptOnError = (*img_report.sl_version_ext == 0);
+						syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)],
-						syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog);
+							hMainDialog, (*img_report.sl_version_ext == 0));
 						PromptOnError = TRUE;
 						if ((syslinux_ldlinux_len[i] == 0) && (DownloadStatus == 404) && (*img_report.sl_version_ext != 0)) {
 							// Couldn't locate the file on the server => try to download without the version extra
 							uprintf("Extended version was not found, trying main version...");
 							static_sprintf(tmp, "%s/%s-%s/%s.%s", FILES_URL, syslinux, img_report.sl_version_str,
 								ldlinux, ldlinux_ext[i]);
-							syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog);
+							syslinux_ldlinux_len[i] = DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)],
 								hMainDialog, (*img_report.sl_version_ext == 0));
 							if (syslinux_ldlinux_len[i] != 0) {
 								// Duplicate the file so that the user won't be prompted to download again
 								static_sprintf(tmp, "%s-%s\\%s.%s", syslinux, img_report.sl_version_str, ldlinux, ldlinux_ext[i]);
@ -1722,7 +1717,7 @@ static BOOL BootCheck(void)
 				static_sprintf(tmp, "%s-%s", syslinux, embedded_sl_version_str[1]);
 				IGNORE_RETVAL(_mkdir(tmp));
 				static_sprintf(tmp, "%s/%s-%s/%s.%s", FILES_URL, syslinux, embedded_sl_version_str[1], ldlinux, ldlinux_ext[2]);
-				if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog) == 0)
+				if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE) == 0)
 					return FALSE;
 			}
 		}
@ -1752,7 +1747,7 @@ static BOOL BootCheck(void)
 				static_sprintf(tmp, "grub4dos-%s", GRUB4DOS_VERSION);
 				IGNORE_RETVAL(_mkdir(tmp));
 				static_sprintf(tmp, "%s/grub4dos-%s/grldr", FILES_URL, GRUB4DOS_VERSION);
-				if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog) == 0)
+				if (DownloadSignedFile(tmp, &tmp[sizeof(FILES_URL)], hMainDialog, TRUE) == 0)
 					return FALSE;
 			}
 		}
--- a/src/rufus.h
+++ b/src/rufus.h
@ -400,7 +400,6 @@ extern float fScale;
 extern char szFolderPath[MAX_PATH], app_dir[MAX_PATH], temp_dir[MAX_PATH], system_dir[MAX_PATH], sysnative_dir[MAX_PATH];
 extern char* image_path;
 extern DWORD FormatStatus, DownloadStatus, MainThreadId;
 extern BOOL PromptOnError;
 extern unsigned long syslinux_ldlinux_len[2];
 extern const int nb_steps[FS_MAX];
 extern BOOL use_own_c32[NB_OLD_C32], detect_fakes, iso_op_in_progress, format_op_in_progress, right_to_left_mode;
@ -476,8 +475,8 @@ extern BOOL ResetDevice(int index);
 extern BOOL GetOpticalMedia(IMG_SAVE* img_save);
 extern BOOL SetLGP(BOOL bRestore, BOOL* bExistingKey, const char* szPath, const char* szPolicy, DWORD dwValue);
 extern LONG GetEntryWidth(HWND hDropDown, const char* entry);
-extern DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog);
+extern DWORD DownloadSignedFile(const char* url, const char* file, HWND hProgressDialog, BOOL PromptOnError);
-extern HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog);
+extern HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgressDialog, BOOL bPromptOnError);
 extern INT_PTR CALLBACK UpdateCallback(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam);
 extern BOOL SetUpdateCheck(void);
 extern BOOL CheckForUpdates(BOOL force);
@ -614,3 +613,4 @@ static __inline HMODULE GetLibraryHandle(char* szLibraryName) {
 #define ERROR_CANT_PATCH               0x120A
 #define ERROR_CANT_ASSIGN_LETTER       0x120B
 #define ERROR_CANT_MOUNT_VOLUME        0x120C
 #define ERROR_BAD_SIGNATURE            0x120D
--- a/src/rufus.rc
+++ b/src/rufus.rc
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.2.1325"
+CAPTION "Rufus 3.2.1326"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
    LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -389,8 +389,8 @@ END
 //
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,2,1325,0
+ FILEVERSION 3,2,1326,0
- PRODUCTVERSION 3,2,1325,0
+ PRODUCTVERSION 3,2,1326,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -407,13 +407,13 @@ BEGIN
        BEGIN
            VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
            VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.2.1325"
+            VALUE "FileVersion", "3.2.1326"
            VALUE "InternalName", "Rufus"
            VALUE "LegalCopyright", "© 2011-2018 Pete Batard (GPL v3)"
            VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
            VALUE "OriginalFilename", "rufus.exe"
            VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.2.1325"
+            VALUE "ProductVersion", "3.2.1326"
        END
    END
    BLOCK "VarFileInfo"
--- a/src/stdio.c
+++ b/src/stdio.c
@ -315,6 +315,8 @@ const char* _StrError(DWORD error_code)
 		return lmprintf(MSG_078);
 	case ERROR_NOT_READY:
 		return lmprintf(MSG_079);
 	case ERROR_BAD_SIGNATURE:
 		return lmprintf(MSG_172);
 	default:
 		SetLastError(error_code);
 		return WindowsErrorString();
--- a/src/stdlg.c
+++ b/src/stdlg.c
@ -1558,8 +1558,9 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
 	static char* filepath = NULL;
 	static int download_status = 0;
 	static HFONT hyperlink_font = NULL;
-	LONG i;
+	static HANDLE hThread = NULL;
 	HWND hNotes;
 	DWORD exit_code;
 	STARTUPINFOA si;
 	PROCESS_INFORMATION pi;
 	EXT_DECL(dl_ext, NULL, __VA_GROUP__("*.exe"), __VA_GROUP__(lmprintf(MSG_037)));
@ -1614,8 +1615,16 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
 			case 1:		// Abort
 				FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_CANCELLED;
 				download_status = 0;
 				hThread = NULL;
 				break;
 			case 2:		// Launch newer version and close this one
 				if ((hThread == NULL) || (!GetExitCodeThread(hThread, &exit_code)) || (exit_code == 0)) {
 					hThread = NULL;
 					EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), FALSE);
 					break;
 				}
 				hThread = NULL;
 				Sleep(1000);	// Add a delay on account of antivirus scanners
 				if (ValidateSignature(hDlg, filepath) != NO_ERROR) {
@ -1642,8 +1651,7 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
 					uprintf("Could not get download URL");
 					break;
 				}
-				for (i=(int)strlen(update.download_url); (i>0)&&(update.download_url[i]!='/'); i--);
+				dl_ext.filename = PathFindFileNameU(update.download_url);
 				dl_ext.filename = &update.download_url[i+1];
 				filepath = FileDialog(TRUE, app_dir, &dl_ext, OFN_NOCHANGEDIR);
 				if (filepath == NULL) {
 					uprintf("Could not get save path");
@ -1651,7 +1659,7 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
 				}
 				// Opening the File Dialog will make us lose tabbing focus - set it back
 				SendMessage(hDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hDlg, IDC_DOWNLOAD), TRUE);
-				DownloadSignedFileThreaded(update.download_url, filepath, hDlg);
+				hThread = DownloadSignedFileThreaded(update.download_url, filepath, hDlg, TRUE);
 				break;
 			}
 			return (INT_PTR)TRUE;
@ -1665,11 +1673,14 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
 		return (INT_PTR)TRUE;
 	case UM_PROGRESS_EXIT:
 		EnableWindow(GetDlgItem(hDlg, IDCANCEL), TRUE);
-		if (wParam) {
+		if (wParam != 0) {
 			SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_039));
 			download_status = 2;
 		} else {
 			SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_040));
 			// Disable the download button if we found an invalid signature
 			EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD),
 				FormatStatus != (ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_BAD_SIGNATURE)));
 			download_status = 0;
 		}
 		return (INT_PTR)TRUE;