Security-59754.80.3.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / CodeSigner.cpp

diff --git a/OSX/libsecurity_codesigning/lib/CodeSigner.cpp b/OSX/libsecurity_codesigning/lib/CodeSigner.cpp
index bc11737f28fc70528b10f54b4db77f34cc580abf..8cbc67f88d8a16cbcf728a12f566d8fa5bf0e23e 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/CodeSigner.cpp
+++ b/OSX/libsecurity_codesigning/lib/CodeSigner.cpp
@@ -121,7 +121,7 @@ SecCodeSigner::SecCodeSigner(SecCSFlags flags)
 //
 // Clean up a SecCodeSigner
 //
 //
 // Clean up a SecCodeSigner
 //

-SecCodeSigner::~SecCodeSigner() throw()
+SecCodeSigner::~SecCodeSigner() _NOEXCEPT

 try {
        delete mLimitedAsync;
 } catch (...) {
 try {
        delete mLimitedAsync;
 } catch (...) {


@@ -182,9 +182,13 @@ bool SecCodeSigner::valid() const
 //
 void SecCodeSigner::sign(SecStaticCode *code, SecCSFlags flags)
 {
 //
 void SecCodeSigner::sign(SecStaticCode *code, SecCSFlags flags)
 {

-       code->setValidationFlags(flags);
-       if (code->isSigned() && (flags & kSecCSSignPreserveSignature))
+       //Never preserve a linker signature.
+       if (code->isSigned() &&
+               (flags & kSecCSSignPreserveSignature) &&
+               !code->flag(kSecCodeSignatureLinkerSigned)) {

                return;
                return;

+       }
+       code->setValidationFlags(flags);

        Signer operation(*this, code);
        if ((flags | mOpFlags) & kSecCSRemoveSignature) {
                secinfo("signer", "%p will remove signature from %p", this, code);
        Signer operation(*this, code);
        if ((flags | mOpFlags) & kSecCSRemoveSignature) {
                secinfo("signer", "%p will remove signature from %p", this, code);