diff options
author | Tianjie Xu <xunchang@google.com> | 2016-12-19 21:44:36 +0100 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-12-19 21:44:37 +0100 |
commit | 71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1 (patch) | |
tree | 5abefbeced68aa78e3e67ec2dd493a1af0f7093f | |
parent | Merge "Bugfix:updater always retry apply patch failed,when memcpy failed." am: e81719dde3 am: b0337774b2 am: 88bd5d59de (diff) | |
parent | Add a checker for signature boundary in verifier (diff) | |
download | android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.gz android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.bz2 android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.lz android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.xz android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.zst android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.zip |
-rw-r--r-- | tests/component/verifier_test.cpp | 3 | ||||
-rw-r--r-- | tests/testdata/signature-boundary.zip | bin | 0 -> 22 bytes | |||
-rw-r--r-- | verifier.cpp | 6 |
3 files changed, 8 insertions, 1 deletions
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index 33aadb3fb..8d8b461cb 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -155,4 +155,5 @@ INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest, std::vector<std::string>({"random.zip", "v1"}), std::vector<std::string>({"fake-eocd.zip", "v1"}), std::vector<std::string>({"alter-metadata.zip", "v1"}), - std::vector<std::string>({"alter-footer.zip", "v1"}))); + std::vector<std::string>({"alter-footer.zip", "v1"}), + std::vector<std::string>({"signature-boundary.zip", "v1"}))); diff --git a/tests/testdata/signature-boundary.zip b/tests/testdata/signature-boundary.zip Binary files differnew file mode 100644 index 000000000..64a3cfa15 --- /dev/null +++ b/tests/testdata/signature-boundary.zip diff --git a/verifier.cpp b/verifier.cpp index 44098f70e..82454867b 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -147,6 +147,12 @@ int verify_file(unsigned char* addr, size_t length, LOG(INFO) << "comment is " << comment_size << " bytes; signature is " << signature_start << " bytes from end"; + if (signature_start > comment_size) { + LOG(ERROR) << "signature start: " << signature_start << " is larger than comment size: " + << comment_size; + return VERIFY_FAILURE; + } + if (signature_start <= FOOTER_SIZE) { LOG(ERROR) << "Signature start is in the footer"; return VERIFY_FAILURE; |