Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering.

2025-11-12 03:18:26 -06:00 · 2018-04-16 00:23:05 +02:00
parent 9e36039630
commit 0a737c8c87
5 changed files with 231 additions and 26 deletions
--- a/src/Setup/SelfExtract.c
+++ b/src/Setup/SelfExtract.c
@@ -396,6 +396,15 @@ BOOL VerifyPackageIntegrity (void)

 	GetModuleFileName (NULL, path, ARRAYSIZE (path));

+#ifdef NDEBUG
+	// verify Authenticode digital signature of the exe file
+	if (!VerifyModuleSignature (path))
+	{
+		Error ("DIST_PACKAGE_CORRUPTED", NULL);
+		return FALSE;
+	}
+#endif
+
 	fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker));
 	if (fileDataEndPos < 0)
 	{