Add a checker for signature boundary in verifier The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1

commit: f69e6a9475983b2ad46729e44ab58d2b22cd74d0 [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Fri Dec 16 14:27:55 2016 -0800
committer: Tianjie Xu <xunchang@google.com> Fri Dec 16 16:01:42 2016 -0800
tree: e67d6d8b861198b42f3e46c71702630b6116042b
parent: cc1ecf792f53fa6e9a7189506542bd428aa31a41 [diff] [blame]
diff --git a/verifier.cpp b/verifier.cpp
index 44098f7..8245486 100644
--- a/verifier.cpp
+++ b/verifier.cpp

@@ -147,6 +147,12 @@
     LOG(INFO) << "comment is " << comment_size << " bytes; signature is " << signature_start
               << " bytes from end";
 
+    if (signature_start > comment_size) {
+        LOG(ERROR) << "signature start: " << signature_start << " is larger than comment size: "
+                   << comment_size;
+        return VERIFY_FAILURE;
+    }
+
     if (signature_start <= FOOTER_SIZE) {
         LOG(ERROR) << "Signature start is in the footer";
         return VERIFY_FAILURE;
commit	f69e6a9475983b2ad46729e44ab58d2b22cd74d0	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Fri Dec 16 14:27:55 2016 -0800
committer	Tianjie Xu <xunchang@google.com>	Fri Dec 16 16:01:42 2016 -0800
tree	e67d6d8b861198b42f3e46c71702630b6116042b
parent	cc1ecf792f53fa6e9a7189506542bd428aa31a41 [diff] [blame]