diff --git a/res/localization/rufus.loc b/res/localization/rufus.loc index 0d14eececb3..625566fc972 100644 --- a/res/localization/rufus.loc +++ b/res/localization/rufus.loc @@ -487,6 +487,9 @@ t MSG_237 "Bad Blocks: Testing with pattern 0x%02X" # eg. "Partitioning (MBR)..." t MSG_238 "Partitioning (%s)..." t MSG_239 "Deleting partitions..." +t MSG_240 "The signature for the downloaded update can not be validated. This could mean that your " + "system is improperly configured for signature validation or indicate a malicious download.\n\n" + "The download will be deleted. Please check the log for more details." t MSG_241 "Downloading: %0.1f%%" t MSG_242 "Failed to download file." t MSG_243 "Checking for Rufus updates..." diff --git a/src/pki.c b/src/pki.c index 25de1259393..00d01418916 100644 --- a/src/pki.c +++ b/src/pki.c @@ -53,7 +53,7 @@ const char* WinPKIErrorString(void) static char error_string[64]; DWORD error_code = GetLastError(); - if ((error_code >> 16) != 0x8009) + if (((error_code >> 16) != 0x8009) && ((error_code >> 16) != 0x800B)) return WindowsErrorString(); switch (error_code) { @@ -113,6 +113,12 @@ const char* WinPKIErrorString(void) return "Cannot complete usage check."; case CRYPT_E_NO_TRUSTED_SIGNER: return "None of the signers of the cryptographic message or certificate trust list is trusted."; + case CERT_E_UNTRUSTEDROOT: + return "The root certificate is not trusted."; + case TRUST_E_NOSIGNATURE: + return "Not digitally signed."; + case TRUST_E_EXPLICIT_DISTRUST: + return "One of the certificates used was marked as untrusted by the user."; default: static_sprintf(error_string, "Unknown PKI error 0x%08lX", error_code); return error_string; @@ -268,7 +274,13 @@ LONG ValidateSignature(HWND hDlg, const char* path) } trust_data.cbStruct = sizeof(trust_data); - trust_data.dwUIChoice = WTD_UI_ALL; + // NB: WTD_UI_ALL can result in ERROR_SUCCESS even if the signature validation fails, + // because it still prompts the user to run untrusted software, even after explicitly + // notifying them that the signature invalid (and of course Microsoft had to make + // that UI prompt a bit too similar to the other benign prompt you get when running + // trusted software, which, as per cert.org's assessment, may confuse non-security + // conscious-users who decide to gloss over these kind of notifications). + trust_data.dwUIChoice = WTD_UI_NONE; // We just downloaded from the Internet, so we should be able to check revocation trust_data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; // 0x400 = WTD_MOTW for Windows 8.1 or later @@ -278,6 +290,19 @@ LONG ValidateSignature(HWND hDlg, const char* path) r = WinVerifyTrust(NULL, &guid_generic_verify, &trust_data); safe_free(trust_file.pcwszFilePath); + switch (r) { + case ERROR_SUCCESS: + break; + case TRUST_E_NOSIGNATURE: + // Should already have been reported, but since we have a custom message for it... + uprintf("PKI: File does not appear to be signed: %s", WinPKIErrorString()); + MessageBoxExU(hDlg, lmprintf(MSG_284), lmprintf(MSG_283), MB_OK | MB_ICONERROR | MB_IS_RTL, selected_langid); + break; + default: + uprintf("PKI: Failed to validate signature: %s", WinPKIErrorString()); + MessageBoxExU(hDlg, lmprintf(MSG_240), lmprintf(MSG_283), MB_OK | MB_ICONERROR | MB_IS_RTL, selected_langid); + break; + } return r; } diff --git a/src/rufus.rc b/src/rufus.rc index 3f553eea754..0d0c2a73777 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 242, 376 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 2.17.1186" +CAPTION "Rufus 2.17.1187" FONT 8, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8 @@ -366,8 +366,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,17,1186,0 - PRODUCTVERSION 2,17,1186,0 + FILEVERSION 2,17,1187,0 + PRODUCTVERSION 2,17,1187,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -384,13 +384,13 @@ BEGIN BEGIN VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "2.17.1186" + VALUE "FileVersion", "2.17.1187" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2017 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html" VALUE "OriginalFilename", "rufus.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "2.17.1186" + VALUE "ProductVersion", "2.17.1187" END END BLOCK "VarFileInfo" diff --git a/src/stdlg.c b/src/stdlg.c index 29eccaef78c..bdec209f3ad 100644 --- a/src/stdlg.c +++ b/src/stdlg.c @@ -1674,8 +1674,12 @@ INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPAR case 2: // Launch newer version and close this one Sleep(1000); // Add a delay on account of antivirus scanners - if (ValidateSignature(hDlg, filepath) != NO_ERROR) + if (ValidateSignature(hDlg, filepath) != NO_ERROR) { + // Unconditionally delete the download and disable the "Launch" control + _unlinkU(filepath); + EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), FALSE); break; + } memset(&si, 0, sizeof(si)); memset(&pi, 0, sizeof(pi));