summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTianjie Xu <xunchang@google.com>2016-12-19 21:44:36 +0100
committerAndroid (Google) Code Review <android-gerrit@google.com>2016-12-19 21:44:37 +0100
commit71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1 (patch)
tree5abefbeced68aa78e3e67ec2dd493a1af0f7093f
parentMerge "Bugfix:updater always retry apply patch failed,when memcpy failed." am: e81719dde3 am: b0337774b2 am: 88bd5d59de (diff)
parentAdd a checker for signature boundary in verifier (diff)
downloadandroid_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.gz
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.bz2
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.lz
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.xz
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.tar.zst
android_bootable_recovery-71a67b3354ac0bb5ddf8b5ae91d0e058821b27d1.zip
-rw-r--r--tests/component/verifier_test.cpp3
-rw-r--r--tests/testdata/signature-boundary.zipbin0 -> 22 bytes
-rw-r--r--verifier.cpp6
3 files changed, 8 insertions, 1 deletions
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
index 33aadb3fb..8d8b461cb 100644
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -155,4 +155,5 @@ INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest,
std::vector<std::string>({"random.zip", "v1"}),
std::vector<std::string>({"fake-eocd.zip", "v1"}),
std::vector<std::string>({"alter-metadata.zip", "v1"}),
- std::vector<std::string>({"alter-footer.zip", "v1"})));
+ std::vector<std::string>({"alter-footer.zip", "v1"}),
+ std::vector<std::string>({"signature-boundary.zip", "v1"})));
diff --git a/tests/testdata/signature-boundary.zip b/tests/testdata/signature-boundary.zip
new file mode 100644
index 000000000..64a3cfa15
--- /dev/null
+++ b/tests/testdata/signature-boundary.zip
Binary files differ
diff --git a/verifier.cpp b/verifier.cpp
index 44098f70e..82454867b 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -147,6 +147,12 @@ int verify_file(unsigned char* addr, size_t length,
LOG(INFO) << "comment is " << comment_size << " bytes; signature is " << signature_start
<< " bytes from end";
+ if (signature_start > comment_size) {
+ LOG(ERROR) << "signature start: " << signature_start << " is larger than comment size: "
+ << comment_size;
+ return VERIFY_FAILURE;
+ }
+
if (signature_start <= FOOTER_SIZE) {
LOG(ERROR) << "Signature start is in the footer";
return VERIFY_FAILURE;