1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Commit graph

27 commits

Author SHA1 Message Date
Pete Batard
f26fd2fbe3
[fido] add additional Authenticode validation before running the script
* This basically means that the script is validate *TWICE*, using two
  completely independent signatures, before it is allowed to run, which
  should add another mitigation layer against TOCTOU (which we already
  friggin' mitigated against anyway) and other potential vectors of
  attack.
* Also remove -DisableFirstRunCustomize option and the associated cookie
  prompt monitoring, which the latest version of Fido no longer requires.
* Also update WDK version for signtool and flesh out PKI error messages.
2021-05-27 00:19:25 +01:00
Pete Batard
1062dde076
[appstore] add AppStore version detection
* Also make sure we don't include appstore.listing.csv in the app
  and remove unneeded call to GetModuleHandle() in pki.c.
2021-02-07 20:25:21 +00:00
Pete Batard
2a1c57c750
[ui] disable button and add a countdown when launching update
* Also disable Launch button while we do so
* Also add new <Ctrl>-<Alt>-<Y> cheat mode
* Also terminate update thread before exiting if running
* Also set version to rufus-next
2019-04-01 16:38:27 +01:00
Pete Batard
04a5793ee7
[misc] use compilation flag to undefine NDEBUG for assert 2018-11-21 17:45:18 +00:00
Pete Batard
efcdbe30e5 [pki] clear buffer on invalid signature
* Avoid keeping potentially nasty stuff in memory for too long...
2018-08-20 08:12:28 +01:00
Pete Batard
71578459d7 [loc] fix spaces before full stops
* Also: "Asserts, it's not just for debug any more!"
2018-07-31 20:47:24 +01:00
Pete Batard
fdfc9ff82d [pki] add RSA-2048 signature validation for all server downloads
* Closes #1172
* Also fix a MinGW warning in badblocks.c
2018-06-29 18:19:05 +01:00
Pete Batard
e1d864f755 [misc] work around Microsoft's broken SetDllDirectory()
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
  implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
2018-06-05 13:02:28 +01:00
Pete Batard
be2f7342f7 [net] force a disk flush after downloading a file
* Also add a retry in PKI's GetSignatureName()
* This should help with getting a "The downloaded executable is
  missing a digital signature" message when launching an update.
* Closes #1130
2018-05-13 10:36:23 +01:00
Pete Batard
79a03637d6 update ChangeLog for BETA release 2017-11-01 13:22:51 +00:00
Pete Batard
293440b2e9 [pki] fix a minor initialization issue 2017-10-13 10:47:26 +01:00
Pete Batard
13ba3e75b3 [misc] fix VS2017 code analysis warnings
* Also set rufus-next to 2.18
2017-09-14 19:06:04 +01:00
Pete Batard
e3fbfb30d3 [pki] add country code validation on signature check
* Also validate against the CN rather than the simple name, and require an exact match
2017-09-11 12:13:47 +01:00
Pete Batard
c22b378f9a [misc] display image and disk size in the log
* Also fix 2 Coverity warnings
* Also remove unneeded LFs in drive.c
2017-09-08 15:38:30 +01:00
Pete Batard
9464ae94a4 [pki] more ASN.1 parser improvements 2017-09-05 22:21:34 +01:00
Pete Batard
94e4c0905b [pki] improve ASN.1 parser
* Enable search from OIDs expressed as strings and ignore non UNIVERSAL classes
2017-09-04 14:32:56 +01:00
Pete Batard
a73e695ba4 [pki] timestamp validation improvements
* Add timestamp processing for nested signature and check for anomalous differences
* Also prevent attack scenarios that may attempt to leverage multiple nested signatures or countersigners
* Simplify code by using CryptDecodeObjectEx/WinVerifyTrustEx and improve timestamp reporting
2017-09-03 13:54:07 +01:00
Pete Batard
35da381a11 [pki] check timestamp chronology during update validation
* Done to address the second "vulnerability" proposed in #1009, independently
  of the protocol used.
2017-09-02 15:27:56 +01:00
Pete Batard
c3c39f7f8a [pki] fix https://www.kb.cert.org/vuls/id/403768
* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
  it is described per its revision 11, which is the latest revision at the time of this commit,
  by disabling Windows prompts, enacted during signature validation, that allow the user to
  bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
  certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
  them that the update failed the signature validation whilst also advising against running it,
  is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
  vulnerability was reported and the moment it is fixed in our codebase has to do with
  the fact that the reporter chose to deviate from standard security practices by not
  disclosing the details of the vulnerability with us, be it publicly or privately,
  before creating the cert.org report. The only advance notification we received was a
  generic note about the use of HTTP vs HTTPS, which, as have established, is not
  immediately relevant to addressing the reported vulnerability.
* Closes #1009
* Note: The other vulnerability scenario described towards the end of #1009, which
  doesn't have to do with the "lack of CA checking", will be addressed separately.
2017-08-31 12:19:11 +01:00
Pete Batard
36cadcfcca [pki] improve error handling
* FormatMessage() does not handle PKI errors
* Also fix an issue with non-official version detection when the language is not English
2017-08-27 15:07:35 +01:00
Pete Batard
54ee68f6fc [pki] have GetSignatureName() use the current binary on NULL parameter 2017-06-15 17:25:13 +01:00
Pete Batard
e2481efcd9 [pki] application security improvements
* Also clean up registry variables and add IsRegistryNode() call
2017-04-12 20:40:43 +01:00
Pete Batard
c3f47ada06 [misc] add missing.h header
* Also clean up code
2016-02-20 22:52:32 +00:00
Pete Batard
e1f8b276c8 [loc] fix various RTL issues
* MSG_002 doesn't display in RTL
* Update Policy dialog loses RTL setting after the first paragraph
* Some text displayed in native Windows message boxes is not using RTL
 (even as the Message Box itself will display the rest of the UI elements as RTL)
* Detect if the relevant language pack is installed and use MessageBoxEx to
  display native message box buttons using the selected language.
* All theses issues are part of #621
* Also remove trailing whitespaces
2015-10-18 21:37:58 +01:00
Pete Batard
a228919263 [loc] update base translation to v1.0.19
* Also update French translation to latest
* Also improve signature check for downloaded updates
2015-10-15 23:51:06 +01:00
Pete Batard
7b3b96cd9e [pki] add signature check on update downloads - part 2
* Closes #158
2015-10-13 23:29:30 +01:00
Pete Batard
cd911ad738 [pki] add signature check on update downloads - part 1
* This is part of enhancement #158
2015-10-12 22:03:41 +01:00