Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core / 7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c
commit7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c[log] [tgz]
authorSami Tolvanen <samitolvanen@google.com>Tue Jan 27 16:48:35 2015 +0000
committerSami Tolvanen <samitolvanen@google.com>Tue Jan 27 17:19:35 2015 +0000
tree2a8e39637027635f9ea36504b37573b2e23cdf17
parenta76f057af81b7a03c9c18af0bcb763f7e7f03fbf [diff]
Verify token length before adb signs it

Currently, a host running adb will sign a token of any length passed
to it by a device, effectively acting as a signing oracle. If the
ADB_VENDOR_KEYS environment variable is used to specify an additional
key to use, this behavior is not only unexpected, but probably also
unwanted. Further discussion can be found from this thread:

  http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html

This change adds a check to ensure token length matches TOKEN_SIZE
before it's signed, which prevents an attacker from signing longer
messages.

Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
1 file changed
tree: 2a8e39637027635f9ea36504b37573b2e23cdf17
  1. adb/
  2. adf/
  3. cpio/
  4. debuggerd/
  5. fastboot/
  6. fastbootd/
  7. fs_mgr/
  8. gpttool/
  9. healthd/
  10. include/
  11. init/
  12. libbacktrace/
  13. libcutils/
  14. libdiskconfig/
  15. libion/
  16. liblog/
  17. libmemtrack/
  18. libmincrypt/
  19. libnativebridge/
  20. libnetutils/
  21. libpixelflinger/
  22. libprocessgroup/
  23. libsparse/
  24. libsuspend/
  25. libsync/
  26. libsysutils/
  27. libusbhost/
  28. libutils/
  29. libziparchive/
  30. libzipfile/
  31. lmkd/
  32. logcat/
  33. logd/
  34. logwrapper/
  35. mkbootimg/
  36. netcfg/
  37. reboot/
  38. rootdir/
  39. run-as/
  40. sdcard/
  41. toolbox/
  42. .gitignore
  43. Android.mk
  44. CleanSpec.mk
  45. MODULE_LICENSE_APACHE2
  46. NOTICE