[Mono-bugs] [Bug 79741][Nor] New - signcode creates bad signature when data follows the last PE section

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Oct 25 22:41:12 EDT 2006


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by elevine at gmail.com.

http://bugzilla.ximian.com/show_bug.cgi?id=79741

--- shadow/79741	2006-10-25 22:41:12.000000000 -0400
+++ shadow/79741.tmp.12449	2006-10-25 22:41:12.000000000 -0400
@@ -0,0 +1,34 @@
+Bug#: 79741
+Product: Mono: Class Libraries
+Version: unspecified
+OS: All
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: elevine at gmail.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: signcode creates bad signature when data follows the last PE section
+
+Description of Problem:
+Mono.Security.Authenticode computes the hash by including all the data
+until the very end of the file being signed/verified, however if the file
+contains data following the last PE section this is incorrect according to
+Microsoft.  This causes the signcode tool to create a signature which is
+invalid for Authenticode on Windows.  See Appendix A of
+http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/pecoff_v8.doc
+for more information about what is supposed to be excluded from the hash
+computation.
+
+Examples of files for which signcode creates a bad signature:
+1. EXE files with debugging info, for example files built with mingw
+default compiler and linker flags that have not yet been stripped (simple
+workaround in this case is to strip the file first)
+2. Installer files created with makensis http://nsis.sourceforge.net (no
+workaround known)


More information about the mono-bugs mailing list