diff options
| author | Tianjie Xu <xunchang@google.com> | 2017-01-18 23:22:16 +0100 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2017-01-18 23:22:16 +0100 |
| commit | 5346da02204e0eab672f717185603880ba604551 (patch) | |
| tree | 0ab7ad0af3eb148ba4cb49500de9baf3f34e1b11 | |
| parent | DO NOT MERGE Use updated libpng API (diff) | |
| parent | DO NOT MERGE: Add a checker for signature boundary in verifier (diff) | |
| download | android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar.gz android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar.bz2 android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar.lz android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar.xz android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.tar.zst android_bootable_recovery-5346da02204e0eab672f717185603880ba604551.zip | |
| -rw-r--r-- | verifier.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/verifier.cpp b/verifier.cpp index 782a83863..23fab07b2 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -79,6 +79,13 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys LOGI("comment is %d bytes; signature %d bytes from end\n", comment_size, signature_start); + if (signature_start > comment_size) { + LOGE("signature start: %zu is larger than comment size: %zu\n", signature_start, + comment_size); + fclose(f); + return VERIFY_FAILURE; + } + if (signature_start - FOOTER_SIZE < RSANUMBYTES) { // "signature" block isn't big enough to contain an RSA block. LOGE("signature is too short\n"); |