From a8cc9c4da5d42904037ebe40476c1816905b4556 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 30 Apr 2019 09:41:36 +0200
Subject: version: add beginnings of authenticode checking
---
 updater/downloader.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'updater')
diff --git a/updater/downloader.go b/updater/downloader.go
index ea3ee9d4..c1ca4beb 100644
--- a/updater/downloader.go
+++ b/updater/downloader.go
@@ -160,13 +160,21 @@ func DownloadVerifyAndExecute() (progress chan DownloadProgress) {
 }
 out.Close()
 out = nil
+
+ progress <- DownloadProgress{Activity: "Verifying authenticode signature"}
+ if !version.IsOfficialPath(unverifiedDestinationFilename) {
+ os.Remove(unverifiedDestinationFilename)
+ progress <- DownloadProgress{Error: errors.New("The downloaded update does not have an authentic authenticode signature")}
+ return
+ }
+
+ progress <- DownloadProgress{Activity: "Installing update"}
 err = os.Rename(unverifiedDestinationFilename, destinationFilename)
 if err != nil {
 os.Remove(unverifiedDestinationFilename)
 progress <- DownloadProgress{Error: err}
 return
 }
- progress <- DownloadProgress{Activity: "Installing update"}
 err = runMsi(destinationFilename)
 os.Remove(unverifiedDestinationFilename)
 if err != nil {
-- cgit v1.2.3-59-g8ed1b
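Review bot: The signature check `version.IsOfficialPath(unverifiedDestinationFilename)` runs on a path after `out.Close()`, and the file is then renamed and handed to `runMsi` by path as well, so the verified bytes are only guaranteed to be the installed bytes if nothing else can write to that directory in between. The file's creation lies outside this hunk, so whether that directory is restricted cannot be confirmed from here. If it is, record the assumption above the check, for example `// safe only because the download directory is writable by administrators alone; the check is by path, not by handle`. If it is not, keep a handle open without write or delete sharing from verification through install rather than reopening by name. Separately, the boolean return appears to fold "file could not be read" and "signature is wrong" into one error message, which will make failed updates hard to diagnose.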