Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2017-03-27 | tests: Construct signature-boundary.zip at runtime. | Tao Bao | 1 | -0/+0 | |
Test: Observe the same failure with recovery_component_test ("signature start: 65535 is larger than comment size: 0"). Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a | |||||
2016-12-17 | Add a checker for signature boundary in verifier | Tianjie Xu | 1 | -0/+0 | |
The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 |