From 473d4219c51a249da3cbfd862f3dcb7232ba4626 Mon Sep 17 00:00:00 2001 From: James Hobson Date: Tue, 24 Nov 2020 13:29:34 +0100 Subject: [PATCH 1/5] Fixed Validate.c (Issue 949) --- src/validate.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/src/validate.c b/src/validate.c index f4cfd23e3..e1d1e037e 100644 --- a/src/validate.c +++ b/src/validate.c @@ -19,6 +19,7 @@ typedef unsigned char byte; char segment_name[] = ".sha256_sig"; +char segment_key_name[] = ".sig_key"; int sha256_file(char *path, char outputBuffer[65], int skip_offset, int skip_length) { 
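Review bot: The new `segment_key_name` array in the `@@ -19,6 +19,7 @@` hunk of PATCH 1/5 is only used in log messages, while the section lookup added later in the same patch passes the literal `".sig_key"` again, so the two spellings can drift apart. Declaring it `static const char segment_key_name[] = ".sig_key";` and passing `segment_key_name` to `appimage_get_elf_section_offset_and_length` (if that function accepts a `const char *`, which is not visible here) would keep the name in one place and out of the global namespace. The existing `segment_name` follows the same pattern, so this is a consistency suggestion rather than a new defect.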
@@ -109,38 +110,53 @@ int main(int argc,char **argv) { char *filename = argv[1]; - unsigned long skip_offset = 0; - unsigned long skip_length = 0; + unsigned long skip_offset_sig = 0; + unsigned long skip_length_sig = 0; + + unsigned long skip_offset_key = 0; + unsigned long skip_length_key = 0; - if (!appimage_get_elf_section_offset_and_length(filename, ".sha256_sig", &skip_offset, &skip_length)) { + if (!appimage_get_elf_section_offset_and_length(filename, ".sha256_sig", &skip_offset_sig, &skip_length_sig)) { fprintf(stderr, "Failed to read .sha256_sig section"); exit(1); } + if (!appimage_get_elf_section_offset_and_length(filename, ".sig_key", &skip_offset_key, &skip_length_key)) { + fprintf(stderr, "Failed to read .sig_key section"); + exit(1); + } - if(skip_length > 0) { - fprintf(stderr, "Skipping ELF section %s with offset %lu, length %lu\n", segment_name, skip_offset, skip_length); + if(skip_length_sig > 0) { + fprintf(stderr, "Skipping ELF section %s with offset %lu, length %lu\n", segment_name, skip_offset_sig, skip_length_sig); } else { fprintf(stderr, "ELF section %s not found, is the file signed?\n", segment_name); exit(1); } + if(skip_length_key > 0) { + fprintf(stderr, "Skipping ELF section %s with offset %lu, length %lu\n", segment_key_name, skip_offset_key, skip_length_key); + } else { + fprintf(stderr, "ELF section %s not found, is the file signed?\n", segment_key_name); + exit(1); + } + int skip_offset = skip_offset_sig; + int skip_length = skip_length_sig + skip_length_key; char *digestfile; digestfile = g_strconcat("/tmp/", basename(g_strconcat(filename, ".digest", NULL)), NULL); char *signaturefile; signaturefile = g_strconcat("/tmp/", basename(g_strconcat(filename, ".sig", NULL)), NULL); - uint8_t *data = malloc(skip_length); + uint8_t *data = malloc(skip_length_sig); unsigned long k; FILE* fd = fopen(filename, "r"); - fseek(fd, skip_offset, SEEK_SET); - fread(data, skip_length, sizeof(uint8_t), fd); + fseek(fd, skip_offset_sig, SEEK_SET); + 
fread(data, skip_length_sig, sizeof(uint8_t), fd); fclose(fd); FILE *fpdst2 = fopen(signaturefile, "w"); if (fpdst2 == NULL) { fprintf(stderr, "Not able to open the signature file for writing, aborting"); exit(1); } - for (k = 0; k < skip_length; k++) { + for (k = 0; k < skip_length_sig; k++) { fprintf(fpdst2, "%c", data[k]); } fclose(fpdst2); From 77d97ecb07c298221f6ba4e7fbae2f93b9b854ca Mon Sep 17 00:00:00 2001 From: James Hobson Date: Tue, 24 Nov 2020 13:38:10 +0100 Subject: [PATCH 2/5] Added check of assumed memory layout --- src/validate.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/validate.c b/src/validate.c index e1d1e037e..2f3081934 100644 --- a/src/validate.c +++ b/src/validate.c @@ -137,6 +137,10 @@ int main(int argc,char **argv) { fprintf(stderr, "ELF section %s not found, is the file signed?\n", segment_key_name); exit(1); } + if(skip_offset_sig + skip_length_sig != skip_offset_key) { + fprintf(stderr, "Validate only worlds when .sha256_sig and .sig_key are next to one another in the ELF\n"); + exit(0); + } int skip_offset = skip_offset_sig; int skip_length = skip_length_sig + skip_length_key; From 82e54eabc1635e177c3fcd0385ae2104b4d6229b Mon Sep 17 00:00:00 2001 From: James Hobson Date: Sat, 5 Dec 2020 17:38:59 +0100 Subject: [PATCH 3/5] Added support for older appimages (untested) --- src/validate.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/validate.c b/src/validate.c index 2f3081934..225d2120e 100644 --- a/src/validate.c +++ b/src/validate.c @@ -121,8 +121,8 @@ int main(int argc,char **argv) { exit(1); } if (!appimage_get_elf_section_offset_and_length(filename, ".sig_key", &skip_offset_key, &skip_length_key)) { - fprintf(stderr, "Failed to read .sig_key section"); - exit(1); + skip_length_key = 0; + skip_offset_key = 0; } if(skip_length_sig > 0) { 
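Review bot: In PATCH 1/5, hunk `@@ -109,38 +110,53 @@`, the new `int skip_offset = skip_offset_sig;` and `int skip_length = skip_length_sig + skip_length_key;` narrow `unsigned long` values read from the section table of the file under validation into `int`, so an oversized offset or length can truncate or go negative before it is used (presumably by `sha256_file`, whose `int skip_offset, int skip_length` parameters appear in the first hunk) to choose the bytes left out of the digest. A range check ahead of the two assignments would reject such input, e.g. `if (skip_offset_sig > INT_MAX || skip_length_key > INT_MAX || skip_length_sig > INT_MAX - skip_length_key) exit(1);`, which needs `<limits.h>` if it is not already included. The renamed read path also leaves `malloc`, `fopen` and `fseek` unchecked, and `fread(data, skip_length_sig, sizeof(uint8_t), fd)` asks for a single item of `skip_length_sig` bytes and ignores the result, so a short read goes unnoticed and the loop then writes unread heap bytes to the signature file; `fread(data, 1, skip_length_sig, fd) != skip_length_sig` would catch that. `main` starts and ends outside the hunk.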
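Review bot: In PATCH 2/5, hunk `@@ -137,6 +137,10 @@`, the new layout check ends with `exit(0);`, so the validator reports success for a file it has just refused to validate, and any caller that gates on the exit status would treat an unchecked AppImage as passing. Every other abort path visible on this page uses `exit(1)`, and this one should as well: `exit(1);`. The same `exit(0)` is carried unchanged through the `@@ -134,10 +134,10 @@` hunk of PATCH 3/5 and the `@@ -137,8 +137,8 @@` hunk of PATCH 5/5. A short comment above the check, such as `/* the digest skips one contiguous range, so .sig_key must directly follow .sha256_sig */`, would record why the layout matters.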
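Review bot: In PATCH 3/5, hunk `@@ -121,8 +121,8 @@`, a failed `.sig_key` lookup is now silently turned into offset 0 and length 0, which makes a read or parse failure indistinguishable from an image that simply has no key section. What a false return from `appimage_get_elf_section_offset_and_length` means is not visible here, but the `.sha256_sig` call just above treats it as a hard error, so the asymmetry deserves a comment in the new branch, e.g. `/* .sig_key is optional: older AppImages carry only .sha256_sig, so only that section is skipped */`. If the helper can distinguish "section absent" from "file could not be parsed", only the former should take this fallback.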
@@ -134,10 +134,10 @@ int main(int argc,char **argv) { if(skip_length_key > 0) { fprintf(stderr, "Skipping ELF section %s with offset %lu, length %lu\n", segment_key_name, skip_offset_key, skip_length_key); } else { - fprintf(stderr, "ELF section %s not found, is the file signed?\n", segment_key_name); + fprintf(stderr, "ELF section %s not found, assuming older AppImage Standard\n", segment_key_name); exit(1); } - if(skip_offset_sig + skip_length_sig != skip_offset_key) { + if(skip_offset_sig + skip_length_sig != skip_offset_key && skip_length_key != 0) { fprintf(stderr, "Validate only worlds when .sha256_sig and .sig_key are next to one another in the ELF\n"); exit(0); } From 988a8cbf2f6caa85548603f83445bc543d413899 Mon Sep 17 00:00:00 2001 From: James Hobson Date: Mon, 7 Dec 2020 08:34:20 +0100 Subject: [PATCH 4/5] Tested on current appimage standard --- src/validate.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/validate.c b/src/validate.c index 225d2120e..0608ec72a 100644 --- a/src/validate.c +++ b/src/validate.c @@ -135,7 +135,6 @@ int main(int argc,char **argv) { fprintf(stderr, "Skipping ELF section %s with offset %lu, length %lu\n", segment_key_name, skip_offset_key, skip_length_key); } else { fprintf(stderr, "ELF section %s not found, assuming older AppImage Standard\n", segment_key_name); - exit(1); } if(skip_offset_sig + skip_length_sig != skip_offset_key && skip_length_key != 0) { fprintf(stderr, "Validate only worlds when .sha256_sig and .sig_key are next to one another in the ELF\n"); From 68d69e37d3e2c2b01814d2de0ac5fde12c2bcab5 Mon Sep 17 00:00:00 2001 From: James Hobson Date: Mon, 7 Dec 2020 08:40:56 +0100 Subject: [PATCH 5/5] Typo fix and indentation fix --- src/validate.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/validate.c b/src/validate.c index 0608ec72a..7e8ce30c6 100644 --- a/src/validate.c +++ b/src/validate.c 
@@ -121,8 +121,8 @@ int main(int argc,char **argv) { exit(1); } if (!appimage_get_elf_section_offset_and_length(filename, ".sig_key", &skip_offset_key, &skip_length_key)) { - skip_length_key = 0; - skip_offset_key = 0; + skip_length_key = 0; + skip_offset_key = 0; } if(skip_length_sig > 0) { @@ -137,8 +137,8 @@ int main(int argc,char **argv) { fprintf(stderr, "ELF section %s not found, assuming older AppImage Standard\n", segment_key_name); } if(skip_offset_sig + skip_length_sig != skip_offset_key && skip_length_key != 0) { - fprintf(stderr, "Validate only worlds when .sha256_sig and .sig_key are next to one another in the ELF\n"); - exit(0); + fprintf(stderr, "validate only works when .sha256_sig and .sig_key are contiguous in the ELF header\n"); + exit(0); } int skip_offset = skip_offset_sig; int skip_length = skip_length_sig + skip_length_key;