Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add a checker for signature boundary in verifier | Tianjie Xu | 2016-12-17 | 1 | -0/+0 |
The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 |