commit | 95993fbdb8d5993cd4710fdad8078ba80afd3d96 | [log] [tgz] |
---|---|---|
author | Tianjie Xu <xunchang@google.com> | Fri Dec 16 16:24:09 2016 -0800 |
committer | Teemu Hukkanen <teemu@fairphone.com> | Sun Mar 19 00:18:01 2017 +0100 |
tree | 8fddac8e5d619a7c03e18323e88b0dfe26a37297 | |
parent | 81c8b2a590dcf04299788f507d264bfefe645bc8 [diff] |
FPII-2799 :Elevation of privilege vulnerability in recovery verifier CVE-2017-0475 A-31914369 Add a checker for signature boundary in verifier The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 (cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0) (cherry picked from commit 54ea136fded56810bf475885eb4bd7bf1b11f09c)
Team Win Recovery Project (TWRP)
The goal of this branch is to rebase TWRP onto AOSP while maintaining as much of the original AOSP code as possible. This goal should allow us to apply updates to the AOSP code going forward with little to no extra work. With this goal in mind, we will carefully consider any changes needed to the AOSP code before allowing them. In most cases, instead of changing the AOSP code, we'll create our own functions instead. The only changes that should be made to AOSP code should be those affecting startup of the recovery and some of the make files.
If there are changes that need to be merged from AOSP, we will pull the change directly from AOSP instead of creating a new patch in order to prevent merge conflicts with AOSP.
This branch is under final testing and will be used shortly for public builds, but has not officially been released.
You can find a compiling guide here.
More information about the project.
If you have code changes to submit those should be pushed to our gerrit instance. A guide can be found here.