summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTianjie Xu <xunchang@google.com>2016-12-17 01:24:09 +0100
committerTianjie Xu <xunchang@google.com>2016-12-20 01:46:44 +0100
commitf616da172602c0098af3e14e64c9b0a797159a2d (patch)
tree0ab7ad0af3eb148ba4cb49500de9baf3f34e1b11
parentDO NOT MERGE Use updated libpng API (diff)
downloadandroid_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.gz
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.bz2
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.lz
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.xz
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.zst
android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.zip
-rw-r--r--verifier.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/verifier.cpp b/verifier.cpp
index 782a83863..23fab07b2 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -79,6 +79,13 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys
LOGI("comment is %d bytes; signature %d bytes from end\n",
comment_size, signature_start);
+ if (signature_start > comment_size) {
+ LOGE("signature start: %zu is larger than comment size: %zu\n", signature_start,
+ comment_size);
+ fclose(f);
+ return VERIFY_FAILURE;
+ }
+
if (signature_start - FOOTER_SIZE < RSANUMBYTES) {
// "signature" block isn't big enough to contain an RSA block.
LOGE("signature is too short\n");