Bug 728301 - Enable new security checks only for the service. r=rstrong

2024-09-13 09:24:08 -07:00 · 2012-02-24 16:29:42 -05:00 · 2012-02-24 16:29:42 -05:00 · 2e8d83a148
commit 2e8d83a148
parent 52f09e123c
1 changed files with 35 additions and 20 deletions
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@ -1563,11 +1563,24 @@ ReadMARChannelIDs(const NS_tchar *path, MARChannelStringTable *results)
  return result;
 }

+struct UpdateThreadData 
+{
+  UpdateThreadData(bool performMARChecks) :
+    mPerformMARChecks(performMARChecks)
+  {
+  }
+
+  bool mPerformMARChecks;
+};
+
 static void
 UpdateThreadFunc(void *param)
 {
-  // open ZIP archive and process...
+  UpdateThreadData *threadData = reinterpret_cast<UpdateThreadData*>(param);
+  bool performMARChecks = threadData && threadData->mPerformMARChecks;
+  delete threadData;
  
+  // open ZIP archive and process...
  int rv;
  NS_tchar dataFile[MAXPATHLEN];
  NS_tsnprintf(dataFile, sizeof(dataFile)/sizeof(dataFile[0]),
@ -1575,26 +1588,28 @@ UpdateThreadFunc(void *param)

  rv = gArchiveReader.Open(dataFile);

-  #ifdef MOZ_VERIFY_MAR_SIGNATURE
-  if (rv == OK) {
-    rv = gArchiveReader.VerifySignature();
-  }
-  #endif
-
-  if (rv == OK) {
-    NS_tchar updateSettingsPath[MAX_TEXT_LEN];
-    NS_tsnprintf(updateSettingsPath, 
-                 sizeof(updateSettingsPath) / sizeof(updateSettingsPath[0]),
-                 NS_T("%supdate-settings.ini"), gDestPath);
-    MARChannelStringTable MARStrings;
-    if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
-      // If we can't read from update-settings.ini then we shouldn't impose
-      // a MAR restriction.  Some installatins won't even include this file.
-      MARStrings.MARChannelID[0] = '\0';
+  if (performMARChecks) {
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+    if (rv == OK) {
+      rv = gArchiveReader.VerifySignature();
    }
+#endif

-    rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
-                                                 MOZ_APP_VERSION);
+    if (rv == OK) {
+      NS_tchar updateSettingsPath[MAX_TEXT_LEN];
+      NS_tsnprintf(updateSettingsPath, 
+                   sizeof(updateSettingsPath) / sizeof(updateSettingsPath[0]),
+                   NS_T("%supdate-settings.ini"), gDestPath);
+      MARChannelStringTable MARStrings;
+      if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
+        // If we can't read from update-settings.ini then we shouldn't impose
+        // a MAR restriction.  Some installations won't even include this file.
+        MARStrings.MARChannelID[0] = '\0';
+      }
+
+      rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
+                                                   MOZ_APP_VERSION);
+    }
  }

  if (rv == OK) {
@ -2108,7 +2123,7 @@ int NS_main(int argc, NS_tchar **argv)
  // before QuitProgressUI has been called, so wait for UpdateThreadFunc to
  // terminate.
  Thread t;
-  if (t.Run(UpdateThreadFunc, NULL) == 0) {
+  if (t.Run(UpdateThreadFunc, new UpdateThreadData(usingService)) == 0) {
    ShowProgressUI();
  }
  t.Join();