Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature should only be considered valid if cert is verified #110

Open
cedws opened this issue Nov 28, 2024 · 1 comment
Open

Signature should only be considered valid if cert is verified #110

cedws opened this issue Nov 28, 2024 · 1 comment

Comments

@cedws
Copy link
Contributor

cedws commented Nov 28, 2024

pe/security.go

Lines 401 to 409 in 17e5221

var signatureValid bool
signatureContent, err = parseAuthenticodeContent(pkcs.Content)
if err != nil {
pe.logger.Errorf("could not parse authenticode content: %v", err)
signatureValid = false
} else if !pe.opts.DisableSignatureValidation {
authentihash := pe.AuthentihashExt(signatureContent.HashFunction.New())[0]
signatureValid = bytes.Equal(authentihash, signatureContent.HashResult)
}

As I understand, this code compares the actual Authenticode hash against the hash in the signed message. However, the check is performed independently of certificate validation. Therefore, an unverified certificate chain has no effect, and SignatureValid can still end up being true as long as the hashes match.

I think it would be a good idea to consider the signature valid as long as the certificate chain can be verified to prevent misuse of the API.

signatureValid = signatureValid && certValid
@ayoubfaouzi
Copy link
Member

Thanks a lot @cedws, that's a good catch ! I will make a patch soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ayoubfaouzi @cedws