check if the binary signature was issued by the public key we got in memory,...

check if the binary signature was issued by the public key we got in memory, before real cryptographic verification

check if the binary signature was issued by the public key we got in memory,...
check if the binary signature was issued by the public key we got in memory, before real cryptographic verification
6cd26fbc · Rafaël Carré · 0f234aaf · 6cd26fbc
Commit 6cd26fbc authored Mar 09, 2008 by Rafaël Carré
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

src/misc/update.c src/misc/update.c +12 -0

No files found.
--- a/src/misc/update.c
+++ b/src/misc/update.c
@@ -1368,6 +1368,18 @@ void update_DownloadReal( update_download_thread_t *p_udt )
        goto end;
    }

+    if( memcmp( sign.issuer_longid, p_update->p_pkey->longid, 8 ) )
+    {
+        utf8_unlink( psz_destfile );
+        msg_Err( p_udt, "Invalid signature issuer" );
+        intf_UserFatal( p_udt, VLC_TRUE, _("Invalid signature"),
+            _("The cryptographic signature for downloaded file \"%s\" was "
+              "invalid and couldn't be used to securely verify it, and so "
+              "VLC deleted it."),
+            psz_destfile );
+        goto end;
+    }
+
    if( sign.type != BINARY_SIGNATURE )
    {
        utf8_unlink( psz_destfile );