aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/updater
diff options
context:
space:
mode:
Diffstat (limited to 'updater')
-rw-r--r--updater/downloader.go8
-rw-r--r--updater/msirunner_windows.go4
2 files changed, 6 insertions, 6 deletions
diff --git a/updater/downloader.go b/updater/downloader.go
index f9b70834..a12b5037 100644
--- a/updater/downloader.go
+++ b/updater/downloader.go
@@ -106,7 +106,7 @@ func DownloadVerifyAndExecute(userToken uintptr) (progress chan DownloadProgress
file.Seek(0, io.SeekStart)
file.Truncate(0)
file.Close()
- os.Remove(name) //TODO: Do we have any sort of TOCTOU here?
+ os.Remove(name) // TODO: Do we have any sort of TOCTOU here?
}
}()
@@ -145,7 +145,7 @@ func DownloadVerifyAndExecute(userToken uintptr) (progress chan DownloadProgress
return
}
- //TODO: it would be nice to rename in place from "file.msi.unverified" to "file.msi", but Windows TOCTOU stuff
+ // TODO: it would be nice to rename in place from "file.msi.unverified" to "file.msi", but Windows TOCTOU stuff
// is hard, so we'll come back to this later.
name := file.Name()
file.Close()
@@ -153,14 +153,14 @@ func DownloadVerifyAndExecute(userToken uintptr) (progress chan DownloadProgress
progress <- DownloadProgress{Activity: "Verifying authenticode signature"}
if !version.VerifyAuthenticode(name) {
- os.Remove(name) //TODO: Do we have any sort of TOCTOU here?
+ os.Remove(name) // TODO: Do we have any sort of TOCTOU here?
progress <- DownloadProgress{Error: errors.New("The downloaded update does not have an authentic authenticode signature")}
return
}
progress <- DownloadProgress{Activity: "Installing update"}
err = runMsi(name, userToken)
- os.Remove(name) //TODO: Do we have any sort of TOCTOU here?
+ os.Remove(name) // TODO: Do we have any sort of TOCTOU here?
if err != nil {
progress <- DownloadProgress{Error: err}
return
diff --git a/updater/msirunner_windows.go b/updater/msirunner_windows.go
index 84ddde28..62ec1cdf 100644
--- a/updater/msirunner_windows.go
+++ b/updater/msirunner_windows.go
@@ -69,11 +69,11 @@ func msiTempFile() (*os.File, error) {
Length: uint32(len(sd)),
SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])),
}
- //TODO: os.TempDir() returns C:\windows\temp when calling from this context. Supposedly this is mostly secure
+ // TODO: os.TempDir() returns C:\windows\temp when calling from this context. Supposedly this is mostly secure
// against TOCTOU, but who knows! Look into this!
name := filepath.Join(os.TempDir(), hex.EncodeToString(randBytes[:]))
name16 := windows.StringToUTF16Ptr(name)
- //TODO: it would be nice to specify delete_on_close, but msiexec.exe doesn't open its files with read sharing.
+ // TODO: it would be nice to specify delete_on_close, but msiexec.exe doesn't open its files with read sharing.
fileHandle, err := windows.CreateFile(name16, windows.GENERIC_WRITE, windows.FILE_SHARE_READ, sa, windows.CREATE_NEW, windows.FILE_ATTRIBUTE_NORMAL, 0)
runtime.KeepAlive(sd)
if err != nil {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.