pe: make sure authenticode is identical before/after signature
When adding the signature, the last section of the file will be padded
to 8-byte alignment. We need to make sure the payload we feed to a signer
is always padded to a multiple of 8 bytes.

This fixes signature breakage.
baloo committed Dec 8, 2023
1 parent 6d664c0 commit 621bce2
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion src/pe/authenticode.rs
Expand Up @@ -12,6 +12,8 @@ use core::ops::Range;

use super::PE;

static PADDING: [u8; 7] = [0; 7];

impl PE<'_> {
/// [`authenticode_ranges`] returns the various ranges of the binary that are relevant for
/// signature.
Expand Down Expand Up @@ -57,6 +59,7 @@ enum IterState {
DatadirEntry(usize),
CertTable(usize),
Final(usize),
Padding(usize),
Done,
}

Expand Down Expand Up @@ -92,8 +95,17 @@ impl<'s> Iterator for ExcludedSectionsIter<'s> {
}
}
IterState::Final(start) => {
let buf = &bytes[start..];
self.state = IterState::Padding(buf.len());
return Some(buf);
}
IterState::Padding(hash_size) => {
self.state = IterState::Done;
return Some(&bytes[start..]);

if hash_size % 8 != 0 {
let pad_size = 8 - hash_size % 8;
return Some(&PADDING[..pad_size]);
}
}
IterState::Done => return None,
}
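Review bot: In the `IterState::Final` arm the pad length is derived from `buf.len()`, the length of the trailing slice that begins at `start`, whereas the commit message describes the signer aligning the end of the file to 8 bytes. The two agree only when `start` is itself a multiple of 8, and `start` is assigned outside this hunk, so that cannot be confirmed from here; if it can be unaligned, the digest computed before signing would differ from the one a verifier computes afterwards. If the signer pads on file offset, carry the file length instead, `self.state = IterState::Padding(bytes.len());`, or else document the invariant on the variant, e.g. `// length of the trailing hashed slice; assumes its start offset is 8-byte aligned`. A regression test that hashes an image whose length is not a multiple of 8 before and after attaching a signature would pin this down. The enclosing `next` body starts and ends outside the visible hunks.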