diff options
author | Doug Zongker <dougz@android.com> | 2009-08-14 16:42:35 -0700 |
---|---|---|
committer | Doug Zongker <dougz@android.com> | 2009-08-14 17:15:46 -0700 |
commit | badd2ca451ee7a408f55632025cbe69649b426b5 (patch) | |
tree | e0d1ed1ab56b63d56797a8214655764c8c1b2891 /tools | |
parent | 09cf56001a214bdb22b720c323b9c7c73feea63f (diff) | |
download | build-badd2ca451ee7a408f55632025cbe69649b426b5.zip build-badd2ca451ee7a408f55632025cbe69649b426b5.tar.gz build-badd2ca451ee7a408f55632025cbe69649b426b5.tar.bz2 |
fix endianness problem with the tail of the signature comment
The two 0xff bytes were intended to easily distinguish files with
whole file signatures from those without, but I got the endianness
backwards. Go ahead and fix that, as long as I'm making changes to
the verifier anyway.
Check for a signature that includes the sequence 0x50 0x4b 0x05 0x06,
which looks to minzip like the start of the EOCD block.
Diffstat (limited to 'tools')
-rw-r--r-- | tools/signapk/SignApk.java | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java index 73bb3fe..3244a49 100644 --- a/tools/signapk/SignApk.java +++ b/tools/signapk/SignApk.java @@ -340,14 +340,33 @@ class SignApk { } // signature starts this many bytes from the end of the file int signature_start = total_size - message.length - 1; - temp.write(0xff); - temp.write(0xff); temp.write(signature_start & 0xff); temp.write((signature_start >> 8) & 0xff); + // Why the 0xff bytes? In a zip file with no archive comment, + // bytes [-6:-2] of the file are the little-endian offset from + // the start of the file to the central directory. So for the + // two high bytes to be 0xff 0xff, the archive would have to + // be nearly 4GB in side. So it's unlikely that a real + // commentless archive would have 0xffs here, and lets us tell + // an old signed archive from a new one. + temp.write(0xff); + temp.write(0xff); temp.write(total_size & 0xff); temp.write((total_size >> 8) & 0xff); temp.flush(); + // Signature verification checks that the EOCD header is the + // last such sequence in the file (to avoid minzip finding a + // fake EOCD appended after the signature in its scan). The + // odds of producing this sequence by chance are very low, but + // let's catch it here if it does. + byte[] b = temp.toByteArray(); + for (int i = 0; i < b.length-3; ++i) { + if (b[i] == 0x50 && b[i+1] == 0x4b && b[i+2] == 0x05 && b[i+3] == 0x06) { + throw new IllegalArgumentException("found spurious EOCD header at " + i); + } + } + outputStream.write(zipData, 0, zipData.length-2); outputStream.write(total_size & 0xff); outputStream.write((total_size >> 8) & 0xff); |