wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1225629: Always verify signatures for hotfixes and system add-on updates. r=rhelmer

Browse Source
This commit is contained in:
Dave Townsend 2015-11-17 14:05:04 -08:00
parent 6b0925f5dc
commit e75c629633
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
toolkit/mozapps/extensions/internal/XPIProvider.jsm
View File

@ -1633,6 +1633,25 @@ function getSignedStatus(aRv, aCert, aAddonID) {
}
}
function shouldVerifySignedState(aAddon) {
// Updated system add-ons should always have their signature checked
if (aAddon._installLocation.name == KEY_APP_SYSTEM_ADDONS)
return true;
// We don't care about signatures for default system add-ons
if (aAddon._installLocation.name == KEY_APP_SYSTEM_DEFAULTS)
return false;
// Hotfixes should always have their signature checked
let hotfixID = Preferences.get(PREF_EM_HOTFIX_ID, undefined);
if (hotfixID && aAddon.id == hotfixID)
return true;
// Otherwise only check signatures if signing is enabled and the add-on is one
// of the signed types.
return ADDON_SIGNING && SIGNED_TYPES.has(aAddon.type);
}
/**
* Verifies that a zip file's contents are all correctly signed by an
* AMO-issued certificate
@ -1644,7 +1663,7 @@ function getSignedStatus(aRv, aCert, aAddonID) {
* @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
*/
function verifyZipSignedState(aFile, aAddon) {
if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
if (!shouldVerifySignedState(aAddon))
return Promise.resolve(AddonManager.SIGNEDSTATE_NOT_REQUIRED);
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
@ -1674,7 +1693,7 @@ function verifyZipSignedState(aFile, aAddon) {
* @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
*/
function verifyDirSignedState(aDir, aAddon) {
if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
if (!shouldVerifySignedState(aAddon))
return Promise.resolve(AddonManager.SIGNEDSTATE_NOT_REQUIRED);
let certDB = Cc["@mozilla.org/security/x509certdb;1"]

2
toolkit/mozapps/extensions/test/xpcshell/test_system_reset.js
View File

@ -281,7 +281,7 @@ add_task(function* test_bad_app_cert() {
// Add-on will still be present
let addon = yield promiseAddonByID("system1@tests.mozilla.org");
do_check_neq(addon, null);
do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);
do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_NOT_REQUIRED);
yield check_installed(false, "1.0", null, "1.0");