mirrors/rufus
1
0
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2025-05-22 10:55:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

[pki] fix https://www.kb.cert.org/vuls/id/403768

Browse source 
* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
  it is described per its revision 11, which is the latest revision at the time of this commit,
  by disabling Windows prompts, enacted during signature validation, that allow the user to
  bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
  certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
  them that the update failed the signature validation whilst also advising against running it,
  is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
  vulnerability was reported and the moment it is fixed in our codebase has to do with
  the fact that the reporter chose to deviate from standard security practices by not
  disclosing the details of the vulnerability with us, be it publicly or privately,
  before creating the cert.org report. The only advance notification we received was a
  generic note about the use of HTTP vs HTTPS, which, as have established, is not
  immediately relevant to addressing the reported vulnerability.
* Closes #1009
* Note: The other vulnerability scenario described towards the end of #1009, which
  doesn't have to do with the "lack of CA checking", will be addressed separately.
This commit is contained in:
Pete Batard 2017-08-31 12:13:51 +01:00
parent fe3004d17f
commit c3c39f7f8a
4 changed files with 40 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/stdlg.c
View file

@ -1674,8 +1674,12 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR
case 2: // Launch newer version and close this one
Sleep(1000); // Add a delay on account of antivirus scanners
if (ValidateSignature(hDlg, filepath) != NO_ERROR)
if (ValidateSignature(hDlg, filepath) != NO_ERROR) {
// Unconditionally delete the download and disable the "Launch" control
_unlinkU(filepath);
EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), FALSE);
break;
}
memset(&si, 0, sizeof(si));
memset(&pi, 0, sizeof(pi));