From b765729081399b6826c9d45d77c9c58ca2f32816 Mon Sep 17 00:00:00 2001
From: The Android Open Source Project <initial-contribution@android.com>
Date: Tue, 12 Jan 2010 15:18:06 -0800
Subject: android-2.1_r1 snapshot

---
 verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'verifier.c')

diff --git a/verifier.c b/verifier.c
index f2491a14a..164fb4a01 100644
--- a/verifier.c
+++ b/verifier.c
@@ -123,7 +123,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
     int i;
     for (i = 4; i < eocd_size-3; ++i) {
         if (eocd[i  ] == 0x50 && eocd[i+1] == 0x4b &&
-            eocd[i+2] == 0x05 && eocd[i+1] == 0x06) {
+            eocd[i+2] == 0x05 && eocd[i+3] == 0x06) {
             // if the sequence $50 $4b $05 $06 appears anywhere after
             // the real one, minzip will find the later (wrong) one,
             // which could be exploitable.  Fail verification if
-- 
cgit v1.2.3