Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: Construct signature-boundary.zip at runtime. | Tao Bao | 2017-03-27 | 1 | -0/+0 |
| | | | | | | Test: Observe the same failure with recovery_component_test ("signature start: 65535 is larger than comment size: 0"). Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a | ||||
* | Add a checker for signature boundary in verifier | Tianjie Xu | 2016-12-17 | 1 | -0/+0 |
The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 |