[tor-bugs] #15539 [Tor bundles/installation]: Removing signature on Tor Browser .exe should result in SHA256 value listed in sha256sums.txt
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 1 14:50:28 UTC 2015
#15539: Removing signature on Tor Browser .exe should result in SHA256 value listed
in sha256sums.txt
------------------------------------------+-----------------
Reporter: gk | Owner: gk
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------------------------+-----------------
Comment (by gk):
Padding is not the only issue. If you take torbrowser-install-4.5a5_ko.exe
before the authenticode signing, sign it and strip the signature you get
still a broken PE-Header:
{{{
--- /dev/fd/63 2015-04-01 14:37:37.594384310 +0000
+++ /dev/fd/62 2015-04-01 14:37:37.590384415 +0000
@@ -11,7 +11,7 @@
00000a0: 0050 0000 00ac 0100 2743 0000 0010 0000 .P......'C......
00000b0: 00a0 0000 0000 4000 0010 0000 0002 0000 ...... at .........
00000c0: 0400 0000 0600 0000 0400 0000 0000 0000 ................
-00000d0: 0060 0400 0004 0000 41b6 0100 0200 0080 .`......A.......
+00000d0: 0060 0400 0004 0000 94d0 2702 0200 0080 .`........'.....
00000e0: 0000 2000 0010 0000 0000 1000 0010 0000 .. .............
00000f0: 0000 0000 1000 0000 0000 0000 0000 0000 ................
0000100: 0090 0200 0413 0000 00c0 0300 a894 0000 ................
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15539#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list