Security: Fix typo in recovery EOCD detection. This issue results in the ability to modify the contents of a signed OTA recovery image.

commit: 3b0f4847762a208e6cd166d420e15b0bf013e612 [log] [tgz]
author: Steve Kondik <shade@chemlab.org> Wed Dec 09 01:31:06 2009 -0500
committer: Steve Kondik <shade@chemlab.org> Wed Dec 09 01:31:06 2009 -0500
tree: a577cbc50181a1d895a4560fe919b72a5b092a54
parent: b2ce982d432338d36a41bd57e35a14459fc3d30b [diff] [blame]
diff --git a/verifier.c b/verifier.c
index f2491a1..164fb4a 100644
--- a/verifier.c
+++ b/verifier.c

@@ -123,7 +123,7 @@
     int i;
     for (i = 4; i < eocd_size-3; ++i) {
         if (eocd[i  ] == 0x50 && eocd[i+1] == 0x4b &&
-            eocd[i+2] == 0x05 && eocd[i+1] == 0x06) {
+            eocd[i+2] == 0x05 && eocd[i+3] == 0x06) {
             // if the sequence $50 $4b $05 $06 appears anywhere after
             // the real one, minzip will find the later (wrong) one,
             // which could be exploitable.  Fail verification if
commit	3b0f4847762a208e6cd166d420e15b0bf013e612	[log] [tgz]
author	Steve Kondik <shade@chemlab.org>	Wed Dec 09 01:31:06 2009 -0500
committer	Steve Kondik <shade@chemlab.org>	Wed Dec 09 01:31:06 2009 -0500
tree	a577cbc50181a1d895a4560fe919b72a5b092a54
parent	b2ce982d432338d36a41bd57e35a14459fc3d30b [diff] [blame]