diff options
| author | Tianjie Xu <xunchang@google.com> | 2016-12-17 01:24:09 +0100 |
|---|---|---|
| committer | Tianjie Xu <xunchang@google.com> | 2016-12-20 01:46:44 +0100 |
| commit | f616da172602c0098af3e14e64c9b0a797159a2d (patch) | |
| tree | 0ab7ad0af3eb148ba4cb49500de9baf3f34e1b11 | |
| parent | DO NOT MERGE Use updated libpng API (diff) | |
| download | android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.gz android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.bz2 android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.lz android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.xz android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.tar.zst android_bootable_recovery-f616da172602c0098af3e14e64c9b0a797159a2d.zip | |
| -rw-r--r-- | verifier.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/verifier.cpp b/verifier.cpp index 782a83863..23fab07b2 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -79,6 +79,13 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys LOGI("comment is %d bytes; signature %d bytes from end\n", comment_size, signature_start); + if (signature_start > comment_size) { + LOGE("signature start: %zu is larger than comment size: %zu\n", signature_start, + comment_size); + fclose(f); + return VERIFY_FAILURE; + } + if (signature_start - FOOTER_SIZE < RSANUMBYTES) { // "signature" block isn't big enough to contain an RSA block. LOGE("signature is too short\n"); |