X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/dbe775057b53a81d9983d810772462c3233fccd3..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp?ds=inline

diff --git a/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp b/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp
index 1aa31968..7c490970 100644
--- a/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp
+++ b/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp
@@ -717,6 +717,14 @@ size_t BundleDiskRep::pageSize(const SigningContext &ctx)
 // Takes an array of CFNumbers of errors to tolerate.
 //
 void BundleDiskRep::strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags)
+{
+	strictValidateStructure(cd, tolerated, flags);
+	
+	// now strict-check the main executable (which won't be an app-like object)
+	mExecRep->strictValidate(cd, tolerated, flags & ~kSecCSRestrictToAppLike);
+}
+
+void BundleDiskRep::strictValidateStructure(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags)
 {
 	// scan our metadirectory (_CodeSignature) for unwanted guests
 	if (!(flags & kSecCSQuickCheck))
@@ -736,9 +744,6 @@ void BundleDiskRep::strictValidate(const CodeDirectory* cd, const ToleratedError
 		if (!mAppLike)
 			if (tolerated.find(kSecCSRestrictToAppLike) == tolerated.end())
 				MacOSError::throwMe(errSecCSNotAppLike);
-	
-	// now strict-check the main executable (which won't be an app-like object)
-	mExecRep->strictValidate(cd, tolerated, flags & ~kSecCSRestrictToAppLike);
 }
 
 void BundleDiskRep::recordStrictError(OSStatus error)