From f2ebd9edaadf946655bc266e4ef6ffe52862900d Mon Sep 17 00:00:00 2001 From: Zorg Date: Wed, 19 Jun 2024 22:25:09 -0700 Subject: [PATCH] Require signing validation for apple archives before extraction --- Autoupdate/AppInstaller.m | 4 ++-- Autoupdate/SUBinaryDeltaUnarchiver.m | 2 +- Autoupdate/SUDiskImageUnarchiver.m | 2 +- Autoupdate/SUFlatPackageUnarchiver.m | 2 +- Autoupdate/SUPipedUnarchiver.m | 4 ++-- Autoupdate/SUUnarchiverProtocol.h | 2 +- Sparkle/SUUpdateValidator.m | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Autoupdate/AppInstaller.m b/Autoupdate/AppInstaller.m index f7e1d29230..9ecd2f2397 100644 --- a/Autoupdate/AppInstaller.m +++ b/Autoupdate/AppInstaller.m @@ -193,9 +193,9 @@ - (void)extractAndInstallUpdate SPU_OBJC_DIRECT _updateValidator = [[SUUpdateValidator alloc] initWithDownloadPath:archivePath signatures:_signatures host:_host verifierInformation:_verifierInformation]; - // Delta & package updates will require validation before extraction + // Delta, package updates, and .aar/.yaa archives will require validation before extraction // Normal application updates are a bit more lenient allowing developers to change one of apple dev ID or EdDSA keys - BOOL needsPrevalidation = [[unarchiver class] mustValidateBeforeExtraction] || ![_installationType isEqualToString:SPUInstallationTypeApplication]; + BOOL needsPrevalidation = [[unarchiver class] mustValidateBeforeExtractionWithArchivePath:archivePath] || ![_installationType isEqualToString:SPUInstallationTypeApplication]; if (needsPrevalidation) { success = [_updateValidator validateDownloadPathWithError:&unarchiverError]; diff --git a/Autoupdate/SUBinaryDeltaUnarchiver.m b/Autoupdate/SUBinaryDeltaUnarchiver.m index 77871d4122..79cd61fb95 100644 --- a/Autoupdate/SUBinaryDeltaUnarchiver.m +++ b/Autoupdate/SUBinaryDeltaUnarchiver.m @@ -28,7 +28,7 @@ + (BOOL)canUnarchivePath:(NSString *)path return [[path pathExtension] isEqualToString:@"delta"]; } -+ (BOOL)mustValidateBeforeExtraction ++ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath { return YES; } diff --git a/Autoupdate/SUDiskImageUnarchiver.m b/Autoupdate/SUDiskImageUnarchiver.m index 58e627f09b..c75caf1ae6 100644 --- a/Autoupdate/SUDiskImageUnarchiver.m +++ b/Autoupdate/SUDiskImageUnarchiver.m @@ -34,7 +34,7 @@ + (BOOL)canUnarchivePath:(NSString *)path return [[path pathExtension] isEqualToString:@"dmg"]; } -+ (BOOL)mustValidateBeforeExtraction ++ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath { return NO; } diff --git a/Autoupdate/SUFlatPackageUnarchiver.m b/Autoupdate/SUFlatPackageUnarchiver.m index 88f1559277..db6facf324 100644 --- a/Autoupdate/SUFlatPackageUnarchiver.m +++ b/Autoupdate/SUFlatPackageUnarchiver.m @@ -28,7 +28,7 @@ + (BOOL)canUnarchivePath:(NSString *)path return [path.pathExtension isEqualToString:@"pkg"] || [path.pathExtension isEqualToString:@"mpkg"]; } -+ (BOOL)mustValidateBeforeExtraction ++ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath { return YES; } diff --git a/Autoupdate/SUPipedUnarchiver.m b/Autoupdate/SUPipedUnarchiver.m index 78d040e6ed..c16fb4e91e 100644 --- a/Autoupdate/SUPipedUnarchiver.m +++ b/Autoupdate/SUPipedUnarchiver.m @@ -75,9 +75,9 @@ + (BOOL)canUnarchivePath:(NSString *)path return _commandAndArgumentsConformingToTypeOfPath(path) != nil; } -+ (BOOL)mustValidateBeforeExtraction ++ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath { - return NO; + return ([archivePath hasSuffix:@".aar"] || [archivePath hasSuffix:@".yaa"]); } - (instancetype)initWithArchivePath:(NSString *)archivePath extractionDirectory:(NSString *)extractionDirectory diff --git a/Autoupdate/SUUnarchiverProtocol.h b/Autoupdate/SUUnarchiverProtocol.h index 5e20ccb3e9..15e92ee063 100644 --- a/Autoupdate/SUUnarchiverProtocol.h +++ b/Autoupdate/SUUnarchiverProtocol.h @@ -12,7 +12,7 @@ NS_ASSUME_NONNULL_BEGIN @protocol SUUnarchiverProtocol -+ (BOOL)mustValidateBeforeExtraction; ++ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath; - (void)unarchiveWithCompletionBlock:(void (^)(NSError * _Nullable))completionBlock progressBlock:(void (^ _Nullable)(double))progressBlock; diff --git a/Sparkle/SUUpdateValidator.m b/Sparkle/SUUpdateValidator.m index 3934d7c4b6..2bad4918b1 100644 --- a/Sparkle/SUUpdateValidator.m +++ b/Sparkle/SUUpdateValidator.m @@ -121,7 +121,7 @@ - (BOOL)validateWithUpdateDirectory:(NSString *)updateDirectory error:(NSError * { // Because we already validated the EdDSA signature, this is just a consistency check to see // if the developer signed their application properly with their Apple ID - // Currently, this case only gets hit for binary delta updates + // Currently, this case gets hit for binary delta updates and .aar/.yaa archives NSError *innerError = nil; if ([SUCodeSigningVerifier bundleAtURLIsCodeSigned:installSourceURL] && ![SUCodeSigningVerifier codeSignatureIsValidAtBundleURL:installSourceURL error:&innerError]) {