Skip to content

Commit 59c9938

Browse files
donhodonho
committed
Security enhancement: provide a way to verify the download URL
Add a new command line argument to indicate the domain prefix of download URL. If the argument "-dDOMAIN_PREFIX" is provided but download URL doesn't contain the indicated prefix, the download file won't be processed and WinGUp will exit.
1 parent 438c934 commit 59c9938

File tree

1 file changed

+21
-1
lines changed

1 file changed

+21
-1
lines changed

src/winmain.cpp

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1172,7 +1172,9 @@ int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE, PWSTR lpszCmdLine, int)
11721172

11731173
wstring version;
11741174
wstring customParam;
1175-
wstring customInfoUrl;
1175+
1176+
wstring customInfoUrl; // if not empty, it will override infoUrl value in gup.xml
1177+
wstring forceDomain; // if not empty, force GUP to ensure the download URL info belong to this domain.
11761178

11771179
ParamVector params;
11781180
parseCommandLine(lpszCmdLine, params);
@@ -1186,6 +1188,7 @@ int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE, PWSTR lpszCmdLine, int)
11861188
getParamVal('v', params, version);
11871189
getParamVal('p', params, customParam);
11881190
getParamVal('i', params, customInfoUrl); // Optional. If empty, the value in gup.xml will be used.
1191+
getParamVal('d', params, forceDomain); // Optional. If empty, the download URL's domain won't be controlled. The URI should be included.
11891192

11901193
// Object (gupParams) is moved here because we need app icon form configuration file
11911194
GupParameters gupParams(L"gup.xml");
@@ -1468,6 +1471,23 @@ int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE, PWSTR lpszCmdLine, int)
14681471
return 0;
14691472
}
14701473

1474+
bool isDomaineOK = true;
1475+
if (!forceDomain.empty())
1476+
{
1477+
const auto& downloadURL = gupDlInfo.getDownloadLocation();
1478+
1479+
if (downloadURL.size() <= forceDomain.size() // download URL must be longer than forceDomain
1480+
|| downloadURL.compare(0, forceDomain.size(), forceDomain) != 0) // Check if forceDomain is a prefix of download URL
1481+
{
1482+
isDomaineOK = false;
1483+
}
1484+
}
1485+
1486+
if (!isDomaineOK)
1487+
{
1488+
WRITE_LOG(GUP_LOG_FILENAME, L"return -1 in Npp Updater part: ", L"Domain is not matched for download URL. The file download won't be processed.");
1489+
return -1;
1490+
}
14711491

14721492
//
14731493
// Process Update Info

0 commit comments

Comments
 (0)