[tor-bugs] #15539 [Tor bundles/installation]: Removing signature on Tor Browser .exe should result in SHA256 value listed in sha256sums.txt
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 2 08:42:53 UTC 2015
#15539: Removing signature on Tor Browser .exe should result in SHA256 value listed
in sha256sums.txt
------------------------------------------+-----------------
Reporter: gk | Owner: gk
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------------------------+-----------------
Comment (by cypherpunks):
NSIS and checksum:
{{{
// No check sum support yet...
DWORD* pdwCheckSum =
GetMemberFromOptionalHeader(m_ntHeaders->OptionalHeader, CheckSum);
if (*pdwCheckSum)
{
// clear checksum (should be [re]calculated after all changes done)
pdwCheckSum = 0;
//throw runtime_error("CResourceEditor doesn't yet support check
sum");
}
}}}
Found only one place where it tries to change checksum, where is
"[re]calculated after all changes done" then? It's not even right code
then, it clears pointer to DWORD with checksum (why?). If to truncate
stuff they appends to PE-file then checksum value from generated exe is
not random for sure but not real one again.
Have no resources to compile it either for tests.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15539#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list