Go Back   FlashFXP Forums > >

Website Comments, Suggestions, Questions, Concerns, Fan mail, Hate mail, Whatever goes.

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 04-02-2015, 06:57 AM   #1
benjamin3
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2005
Posts: 106
Exclamation LiveUpdate Issues

Quote:
Originally Posted by bigstar View Post
I have released an update 5.1.0 build 3824 to better protect our users from any future dns hi-jacking attempts.

When preforming an update check the update check reply messages now include a digital signature, if the digital signature is missing or invalid then the server reply is discarded.

FlashFXP will only process the server reply if the digital signature can be verified.

After downloading the program updates additional checking is performed to ensure that the digital signature is owned by us, if the digital signature fails validation or doesn't match then the downloaded content is deleted.

hi , tried updating from build 3825 -> 3826 , it resulted 3times in a faulty download and then the resulting "incomplete download" window the button click doesnt work.

i tried then from a 2nd installation the downloaded update file :

sha1: DB50C3DD907A74B02ECE2DF9ACB0A760D35C224C
FlashFXP5_3826_Setup.exe

and manually point to portable installation folder of 3825 , tried to install "over" but resulted in still the same build 3825 , it seemed the installation just didnt overwrite the files. i remember you told once that that kind of setup file can also be used to install/manually update a portable installation.

i expect the 3826_setup.exe file (i just did a copy of this .exe file during updating my first 3824 build) to be the same update file like the plain normal standalone installer ,

what about the ability to have those build setup exe files in a sticky thread with proper md5/sha1 checksums , just to be sure ?

Last edited by benjamin3; 04-02-2015 at 07:07 AM.
benjamin3 is offline  
Old 04-02-2015, 07:08 AM   #2
benjamin3
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2005
Posts: 106
Default

for better understanding :

that was the usual screen showing update avail from 3825 -> 3826 ... lets click download, and 3 times the download bar didnt properly finished, so i was afraid that the installer perhaps was compromised , but while reading your thread that you implemented the security check in 3824 i dont think that i have the wrong file.

to be 100% sure and not using a wrong 3825 .exe file , here's sha1 checksum of 3825 flashfxp.exe , can you confirm please ;-):

sha1 0A2CB5E2D6BA13B87504F47F3E39E449985F3C22 // FlashFXP.exe (3825 build)

i tested now again the live updater, and 3825->3826 now is proper downloaded, but mcafee recoqnized the first time in my life a buffer overflow for this kind of flashfxp update process. anyone else had this ? i ignored mcafee popup and continued to click "update" and update 3825->3826 went smooth.



the 3826 setup .exe which was downloaded into /cache directory has same sha1 checksum , so this looks fine

sha1: DB50C3DD907A74B02ECE2DF9ACB0A760D35C224C
FlashFXP5_3826_Setup.exe

what causes that buffer overflow, just wanted to report this
benjamin3 is offline  
Old 04-02-2015, 07:55 AM   #3
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

Quote:
Originally Posted by benjamin3 View Post
hi , tried updating from build 3825 -> 3826 , it resulted 3times in a faulty download and then the resulting "incomplete download" window the button click doesnt work.
I am looking into this issue, How much time has elapsed before the download fails with an error?

Quote:
Originally Posted by benjamin3 View Post
i tried then from a 2nd installation the downloaded update file :

sha1: DB50C3DD907A74B02ECE2DF9ACB0A760D35C224C
FlashFXP5_3826_Setup.exe

and manually point to portable installation folder of 3825 , tried to install "over" but resulted in still the same build 3825 , it seemed the installation just didnt overwrite the files. i remember you told once that that kind of setup file can also be used to install/manually update a portable installation.

i expect the 3826_setup.exe file (i just did a copy of this .exe file during updating my first 3824 build) to be the same update file like the plain normal standalone installer ,
Well I'm afraid you can't use the same installer for both, but you can use the program files installed by the standard installer, just copy over the files (i.e. flashfxp.exe, flashfxp.chm, etc) to the folder of your portable installation.


Quote:
Originally Posted by benjamin3 View Post
What about the ability to have those build setup exe files in a sticky thread with proper md5/sha1 checksums , just to be sure ?
I will see what I can do, an ideal solution would be one that could be automated, that way we can avoid human error on my part
bigstar is offline  
Old 04-02-2015, 01:18 PM   #4
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

Quote:
i tested now again the live updater, and 3825->3826 now is proper downloaded, but mcafee recoqnized the first time in my life a buffer overflow for this kind of flashfxp update process. anyone else had this ? i ignored mcafee popup and continued to click "update" and update 3825->3826 went smooth.
At what specific moment did this appear?

And what specific mcafee product is that?

FlashFXP.exe v5.1.0 build 3825
SHA1: 0a2cb5e2d6ba13b87504f47f3e39e449985f3c22

FlashFXP.exe v5.1.0 build 3826
SHA1: 44370ab443976b314726095d2fe2c2b42276f6a6

Last edited by bigstar; 04-02-2015 at 03:01 PM.
bigstar is offline  
Closed Thread

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 05:18 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)