From 2e8d83a1485ce04c2d61a6804e7ff42ca045926e Mon Sep 17 00:00:00 2001
From: "Brian R. Bondy" <netzen@gmail.com>
Date: Fri, 24 Feb 2012 16:29:42 -0500
Subject: [PATCH] Bug 728301 - Enable new security checks only for the service.
 r=rstrong

---
 toolkit/mozapps/update/updater/updater.cpp | 55 ++++++++++++++--------
 1 file changed, 35 insertions(+), 20 deletions(-)

diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 5d9a007773f..ac05505df86 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -1563,11 +1563,24 @@ ReadMARChannelIDs(const NS_tchar *path, MARChannelStringTable *results)
   return result;
 }
 
+struct UpdateThreadData 
+{
+  UpdateThreadData(bool performMARChecks) :
+    mPerformMARChecks(performMARChecks)
+  {
+  }
+
+  bool mPerformMARChecks;
+};
+
 static void
 UpdateThreadFunc(void *param)
 {
+  UpdateThreadData *threadData = reinterpret_cast<UpdateThreadData*>(param);
+  bool performMARChecks = threadData && threadData->mPerformMARChecks;
+  delete threadData;
+  
   // open ZIP archive and process...
-
   int rv;
   NS_tchar dataFile[MAXPATHLEN];
   NS_tsnprintf(dataFile, sizeof(dataFile)/sizeof(dataFile[0]),
@@ -1575,26 +1588,28 @@ UpdateThreadFunc(void *param)
 
   rv = gArchiveReader.Open(dataFile);
 
-  #ifdef MOZ_VERIFY_MAR_SIGNATURE
-  if (rv == OK) {
-    rv = gArchiveReader.VerifySignature();
-  }
-  #endif
-
-  if (rv == OK) {
-    NS_tchar updateSettingsPath[MAX_TEXT_LEN];
-    NS_tsnprintf(updateSettingsPath, 
-                 sizeof(updateSettingsPath) / sizeof(updateSettingsPath[0]),
-                 NS_T("%supdate-settings.ini"), gDestPath);
-    MARChannelStringTable MARStrings;
-    if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
-      // If we can't read from update-settings.ini then we shouldn't impose
-      // a MAR restriction.  Some installatins won't even include this file.
-      MARStrings.MARChannelID[0] = '\0';
+  if (performMARChecks) {
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+    if (rv == OK) {
+      rv = gArchiveReader.VerifySignature();
     }
+#endif
 
-    rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
-                                                 MOZ_APP_VERSION);
+    if (rv == OK) {
+      NS_tchar updateSettingsPath[MAX_TEXT_LEN];
+      NS_tsnprintf(updateSettingsPath, 
+                   sizeof(updateSettingsPath) / sizeof(updateSettingsPath[0]),
+                   NS_T("%supdate-settings.ini"), gDestPath);
+      MARChannelStringTable MARStrings;
+      if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
+        // If we can't read from update-settings.ini then we shouldn't impose
+        // a MAR restriction.  Some installations won't even include this file.
+        MARStrings.MARChannelID[0] = '\0';
+      }
+
+      rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
+                                                   MOZ_APP_VERSION);
+    }
   }
 
   if (rv == OK) {
@@ -2108,7 +2123,7 @@ int NS_main(int argc, NS_tchar **argv)
   // before QuitProgressUI has been called, so wait for UpdateThreadFunc to
   // terminate.
   Thread t;
-  if (t.Run(UpdateThreadFunc, NULL) == 0) {
+  if (t.Run(UpdateThreadFunc, new UpdateThreadData(usingService)) == 0) {
     ShowProgressUI();
   }
   t.Join();