diff options
author | Michael Groover <mpgroover@google.com> | 2023-04-05 04:20:13 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-04-05 04:20:13 +0000 |
commit | 1e3e7a95bf6f32622cc1be2be8ac4135e1422d55 (patch) | |
tree | 3ef73fa31735cb72b2c298ffad9e0730ff6c4373 | |
parent | bf0bbac6d326e3fbcd978b6390aa7a8d13f819bc (diff) | |
parent | 35b54f3b44412aee30303dd3c2a1ce52e08707ee (diff) | |
download | base-1e3e7a95bf6f32622cc1be2be8ac4135e1422d55.tar.gz |
Merge "Limit the number of supported v1 and v2 signers" into rvc-dev am: 00f3afecdb am: d8cdf2d931 am: b4784aeb00 am: 027abf1925 am: 6cc59ca486 am: 35b54f3b44
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22390145
Change-Id: Ic8d76e537f60f9f3c95622dcf983d364b0b7b012
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java | 10 | ||||
-rw-r--r-- | core/java/android/util/jar/StrictJarVerifier.java | 11 |
2 files changed, 21 insertions, 0 deletions
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java index c8c1fd4eba21..9801559854f9 100644 --- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java +++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java @@ -75,6 +75,11 @@ public class ApkSignatureSchemeV2Verifier { private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a; /** + * The maximum number of signers supported by the v2 APK signature scheme. + */ + private static final int MAX_V2_SIGNERS = 10; + + /** * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature. * * <p><b>NOTE: This method does not verify the signature.</b> @@ -182,6 +187,11 @@ public class ApkSignatureSchemeV2Verifier { } while (signers.hasRemaining()) { signerCount++; + if (signerCount > MAX_V2_SIGNERS) { + throw new SecurityException( + "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS + + " signers"); + } try { ByteBuffer signer = getLengthPrefixedSlice(signers); X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory); diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java index 45254908c5c9..a6aca330d323 100644 --- a/core/java/android/util/jar/StrictJarVerifier.java +++ b/core/java/android/util/jar/StrictJarVerifier.java @@ -78,6 +78,11 @@ class StrictJarVerifier { "SHA1", }; + /** + * The maximum number of signers supported by the JAR signature scheme. + */ + private static final int MAX_JAR_SIGNERS = 10; + private final String jarName; private final StrictJarManifest manifest; private final HashMap<String, byte[]> metaEntries; @@ -293,10 +298,16 @@ class StrictJarVerifier { return false; } + int signerCount = 0; Iterator<String> it = metaEntries.keySet().iterator(); while (it.hasNext()) { String key = it.next(); if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) { + if (++signerCount > MAX_JAR_SIGNERS) { + throw new SecurityException( + "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS + + " signers"); + } verifyCertificate(key); it.remove(); } |