Android 7.1.1 Release 32 (N4F26W)
Add a checker for signature boundary in verifier

The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.

Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.

Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
(cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0)

(cherry picked from commit 54ea136fded56810bf475885eb4bd7bf1b11f09c)
1 file changed
tree: f90c7c7c1e65b8ad4279dfe4883e46a80e0a7321
  1. applypatch/
  2. bootloader_message/
  3. edify/
  4. etc/
  5. fonts/
  6. minadbd/
  7. minui/
  8. minzip/
  9. mtdutils/
  10. otafault/
  11. res-hdpi/
  12. res-mdpi/
  13. res-xhdpi/
  14. res-xxhdpi/
  15. res-xxxhdpi/
  16. tests/
  17. tools/
  18. uncrypt/
  19. update_verifier/
  20. updater/
  21. adb_install.cpp
  22. adb_install.h
  23. Android.mk
  24. asn1_decoder.cpp
  25. asn1_decoder.h
  26. bootloader.h
  27. CleanSpec.mk
  28. common.h
  29. default_device.cpp
  30. device.cpp
  31. device.h
  32. error_code.h
  33. fuse_sdcard_provider.cpp
  34. fuse_sdcard_provider.h
  35. fuse_sideload.cpp
  36. fuse_sideload.h
  37. install.cpp
  38. install.h
  39. interlace-frames.py
  40. NOTICE
  41. print_sha1.h
  42. README.md
  43. recovery-persist.cpp
  44. recovery-persist.rc
  45. recovery-refresh.cpp
  46. recovery-refresh.rc
  47. recovery.cpp
  48. roots.cpp
  49. roots.h
  50. screen_ui.cpp
  51. screen_ui.h
  52. ui.cpp
  53. ui.h
  54. unique_fd.h
  55. verifier.cpp
  56. verifier.h
  57. wear_touch.cpp
  58. wear_touch.h
  59. wear_ui.cpp
  60. wear_ui.h
README.md

The Recovery Image

Quick turn-around testing

mm -j && m ramdisk-nodeps && m recoveryimage-nodeps

# To boot into the new recovery image
# without flashing the recovery partition:
adb reboot bootloader
fastboot boot $ANDROID_PRODUCT_OUT/recovery.img

Running the tests

# After setting up environment and lunch.
mmma -j bootable/recovery

# Running the tests on device.
adb root
adb sync data

# 32-bit device
adb shell /data/nativetest/recovery_unit_test/recovery_unit_test
adb shell /data/nativetest/recovery_component_test/recovery_component_test

# Or 64-bit device
adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test
adb shell /data/nativetest64/recovery_component_test/recovery_component_test