X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp diff --git a/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp b/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp index f4889f69..3d96abd0 100644 --- a/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp +++ b/OSX/libsecurity_codesigning/lib/SecStaticCode.cpp @@ -121,6 +121,7 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se | kSecCSCheckGatekeeperArchitectures | kSecCSRestrictSymlinks | kSecCSRestrictToAppLike + | kSecCSUseSoftwareSigningCert ); if (errors) @@ -132,6 +133,20 @@ OSStatus SecStaticCodeCheckValidityWithErrors(SecStaticCodeRef staticCodeRef, Se DTRACK(CODESIGN_EVAL_STATIC, code, (char*)code->mainExecutablePath().c_str()); code->staticValidate(flags, req); +#if TARGET_OS_IPHONE + // Everything checked out correctly but we need to make sure that when + // we validated the code directory, we trusted the signer. We defer this + // until now because the caller may still trust the signer via a + // provisioning profile so if we prematurely throw an error when validating + // the directory, we potentially skip resource validation even though the + // caller will go on to trust the signature + // Applications that are validated against a provisioning profile do not have their resources checked + if (code->trustedSigningCertChain() == false) { + return CSError::cfError(errors, errSecCSSignatureUntrusted); + } +#endif + + END_CSAPI_ERRORS } 
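Review bot: The deferred trust check in the `#if TARGET_OS_IPHONE` block turns `errSecCSSignatureUntrusted` into a status that callers are expected to override (per the comment, via a provisioning profile), but the comment never states what has and has not been verified when that status comes back. Its last sentence, that profile-validated applications do not have their resources checked, reads as contradicting the stated reason for deferring the check. I would state the contract at the check, e.g. `// Returned only after staticValidate(flags, req) succeeded: everything but signer trust was verified, and the caller must establish trust itself before accepting the code`, and write the condition as `if (!code->trustedSigningCertChain())`. The function starts above the hunk, so it is worth confirming that no earlier path can surface the same status before validation has completed, since a caller could not tell the two cases apart.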
@@ -222,7 +237,7 @@ OSStatus SecCodeMapMemory(SecStaticCodeRef codeRef, SecCSFlags flags) checkFlags(flags); SecPointer code = SecStaticCode::requiredStatic(codeRef); if (const CodeDirectory *cd = code->codeDirectory(false)) { - fsignatures args = { code->diskRep()->signingBase(), (void *)cd, cd->length() }; + fsignatures args = { static_cast(code->diskRep()->signingBase()), (void *)cd, cd->length() }; UnixError::check(::fcntl(code->diskRep()->fd(), F_ADDSIGS, &args)); } else MacOSError::throwMe(errSecCSUnsigned);
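Review bot: The new `static_cast` on `code->diskRep()->signingBase()` makes the brace initializer compile by suppressing the narrowing diagnostic, but nothing on the line says why the value always fits the `fsignatures` field it initializes. Because this value is handed to the kernel through `F_ADDSIGS`, a short comment recording the assumption would help, e.g. `// conversion is intentional: signingBase() is assumed to fit the destination field`. The same initializer still uses the C-style `(void *)cd`, which silently drops `const` from `const CodeDirectory *cd`; `const_cast<CodeDirectory *>(cd)` would make that explicit. The function's opening and end lie outside the hunk.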