
Commit 1e3e7a95 authored by Michael Groover's avatar Michael Groover Committed by Automerger Merge Worker

Merge "Limit the number of supported v1 and v2 signers" into rvc-dev am:...

Merge "Limit the number of supported v1 and v2 signers" into rvc-dev am: 00f3afec am: d8cdf2d9 am: b4784aeb am: 027abf19 am: 6cc59ca4 am: 35b54f3b

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22390145



Change-Id: Ic8d76e537f60f9f3c95622dcf983d364b0b7b012
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents bf0bbac6 35b54f3b
+10 −0
@@ -74,6 +74,11 @@ public class ApkSignatureSchemeV2Verifier {

    private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;

    /**
     * The maximum number of signers supported by the v2 APK signature scheme.
     */
    private static final int MAX_V2_SIGNERS = 10;

    /**
     * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
     *
@@ -182,6 +187,11 @@ public class ApkSignatureSchemeV2Verifier {
        }
        while (signers.hasRemaining()) {
            signerCount++;
            if (signerCount > MAX_V2_SIGNERS) {
                throw new SecurityException(
                        "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
                                + " signers");
            }
            try {
                ByteBuffer signer = getLengthPrefixedSlice(signers);
                X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
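Review bot: The Javadoc on `MAX_V2_SIGNERS` gives the number but not why the verifier caps it or what happens past the cap, which is what a maintainer changing the value needs to know. In the loop hunk the check sits before `getLengthPrefixedSlice` and `verifySigner`, so an eleventh signer block is rejected without being parsed, and the method throws `SecurityException` instead of ignoring the extra signers. I would state that on the constant, e.g. `Upper bound on signer blocks this verifier will parse; an APK with more fails verification with a SecurityException.` The same value is declared separately as `MAX_JAR_SIGNERS` in StrictJarVerifier, so a cross-reference between the two constants would help keep them aligned, if that is the intent. The enclosing method starts and ends outside the hunk.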
+11 −0
@@ -78,6 +78,11 @@ class StrictJarVerifier {
        "SHA1",
    };

    /**
     * The maximum number of signers supported by the JAR signature scheme.
     */
    private static final int MAX_JAR_SIGNERS = 10;

    private final String jarName;
    private final StrictJarManifest manifest;
    private final HashMap<String, byte[]> metaEntries;
@@ -293,10 +298,16 @@ class StrictJarVerifier {
            return false;
        }

        int signerCount = 0;
        Iterator<String> it = metaEntries.keySet().iterator();
        while (it.hasNext()) {
            String key = it.next();
            if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
                if (++signerCount > MAX_JAR_SIGNERS) {
                    throw new SecurityException(
                            "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
                                    + " signers");
                }
                verifyCertificate(key);
                it.remove();
            }
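Review bot: `MAX_JAR_SIGNERS` is documented as a signer limit, but the loop counts every `metaEntries` key ending in `.DSA`, `.RSA` or `.EC` and increments before `verifyCertificate(key)` runs, so what is capped is the number of signature block entries, whether or not each one later verifies. The Javadoc should say so, e.g. `Maximum number of signature block entries (.DSA/.RSA/.EC) accepted; more than this fails verification with a SecurityException.` The exception message says "APK Signature Scheme v1" while the constant and its comment say "JAR"; using one term in both places would make the log line easier to trace back to this check. The throw also leaves `metaEntries` with the earlier entries already removed by `it.remove()`, which is fine only if callers discard the verifier on `SecurityException`; that handling is outside the hunk.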