FPII-2799: Elevation of privilege vulnerability in recovery verifier CVE-2017-0475 A-31914369

Add a checker for signature boundary in verifier

The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.

Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.

Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
(cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0)
(cherry picked from commit 54ea136fded56810bf475885eb4bd7bf1b11f09c)
1 file changed
tree: 8fddac8e5d619a7c03e18323e88b0dfe26a37297
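
The boundary check the commit message describes, sketched as an added example; it is not the patch itself and not code from this repository. It assumes the footer is the last six bytes of the EOCD comment (2-byte little-endian `signature_start`, `0xff 0xff`, 2-byte little-endian comment size); `check_footer`, `build_sample` and the result codes are hypothetical names, and the sample archive is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FOOTER_SIZE 6       /* assumed layout: sig_start(2, LE) 0xff 0xff comment_size(2, LE) */
#define EOCD_HEADER_SIZE 22 /* fixed part of a zip end-of-central-directory record */
enum footer_result { FOOTER_OK, FOOTER_MALFORMED, FOOTER_SIG_OUT_OF_BOUNDS };

/* Hypothetical helper: validate the footer of an archive held in memory.
 * On FOOTER_OK, *sig_offset is the offset of the signature within buf. */
enum footer_result check_footer(const uint8_t *buf, size_t len, size_t *sig_offset)
{
    if (len < EOCD_HEADER_SIZE) return FOOTER_MALFORMED;
    const uint8_t *f = buf + len - FOOTER_SIZE;
    if (f[2] != 0xff || f[3] != 0xff) return FOOTER_MALFORMED;
    size_t signature_start = f[0] | ((size_t)f[1] << 8);
    size_t comment_size = f[4] | ((size_t)f[5] << 8);
    /* The EOCD record (header + comment) must fit in the file and start
     * with the EOCD magic at the position the footer implies. */
    if (comment_size + EOCD_HEADER_SIZE > len) return FOOTER_MALFORMED;
    if (memcmp(buf + len - comment_size - EOCD_HEADER_SIZE, "PK\x05\x06", 4) != 0)
        return FOOTER_MALFORMED;
    /* The boundary check: counted back from the end of the archive, the
     * signature must start inside the comment field and before the footer. */
    if (signature_start > comment_size || signature_start <= FOOTER_SIZE)
        return FOOTER_SIG_OUT_OF_BOUNDS;
    *sig_offset = len - signature_start;
    return FOOTER_OK;
}

/* Constructed sample: `body` filler bytes, an EOCD header, then a comment of
 * comment_size (>= 6) bytes ending in the footer. Returns the total length. */
size_t build_sample(uint8_t *out, size_t body, uint16_t comment_size, uint16_t signature_start)
{
    size_t len = body + EOCD_HEADER_SIZE + comment_size;
    uint8_t footer[FOOTER_SIZE] = { (uint8_t)signature_start, (uint8_t)(signature_start >> 8),
                                    0xff, 0xff, (uint8_t)comment_size, (uint8_t)(comment_size >> 8) };
    memset(out, 0, len);
    memcpy(out + body, "PK\x05\x06", 4);
    memcpy(out + body + 20, footer + 4, 2); /* EOCD comment-length field */
    memcpy(out + len - FOOTER_SIZE, footer, FOOTER_SIZE);
    return len;
}

int main(void)
{
    uint8_t buf[256]; size_t off = 0;
    size_t len = build_sample(buf, 100, 64, 100); /* start lies outside the 64-byte comment */
    printf("result=%d\n", check_footer(buf, len, &off));
    return 0;
}
```

Without the `signature_start > comment_size` comparison, the third and fourth cases in a test of this helper (a start offset of 100 or 200 against a 64-byte comment) would yield a signature offset outside the comment, or wrap below zero.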
README.md

Team Win Recovery Project (TWRP)

The goal of this branch is to rebase TWRP onto AOSP while maintaining as much of the original AOSP code as possible. This goal should allow us to apply updates to the AOSP code going forward with little to no extra work. With this goal in mind, we will carefully consider any changes needed to the AOSP code before allowing them. In most cases, instead of changing the AOSP code, we'll create our own functions instead. The only changes that should be made to AOSP code should be those affecting startup of the recovery and some of the make files.

If there are changes that need to be merged from AOSP, we will pull the change directly from AOSP instead of creating a new patch in order to prevent merge conflicts with AOSP.

This branch is under final testing and will be used shortly for public builds, but has not officially been released.

You can find a compiling guide here.

More information about the project.

If you have code changes to submit, those should be pushed to our Gerrit instance. A guide can be found here.