Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2016-12-17 | Add a checker for signature boundary in verifier | Tianjie Xu | 1 | -0/+0 | |
The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 |