mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-16 09:57:10 -05:00
85 lines
3.7 KiB
Diff
85 lines
3.7 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Michael Groover <mpgroover@google.com>
|
||
|
Date: Fri, 31 Mar 2023 21:31:22 +0000
|
||
|
Subject: [PATCH] Limit the number of supported v1 and v2 signers
|
||
|
|
||
|
The v1 and v2 APK Signature Schemes support multiple signers; this
|
||
|
was intended to allow multiple entities to sign an APK. Previously,
|
||
|
the platform had no limits placed on the number of signers supported
|
||
|
in an APK, but this commit sets a hard limit of 10 supported signers
|
||
|
for these signature schemes to ensure a large number of signers
|
||
|
does not place undue burden on the platform.
|
||
|
|
||
|
Bug: 266580022
|
||
|
Test: Manually verified the platform only allowed an APK with the
|
||
|
maximum number of supported signers.
|
||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)
|
||
|
Merged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091
|
||
|
Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
|
||
|
---
|
||
|
.../util/apk/ApkSignatureSchemeV2Verifier.java | 10 ++++++++++
|
||
|
core/java/android/util/jar/StrictJarVerifier.java | 11 +++++++++++
|
||
|
2 files changed, 21 insertions(+)
|
||
|
|
||
|
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||
|
index 533d72590f0a..d5f6ebe8c2e9 100644
|
||
|
--- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||
|
+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||
|
@@ -83,6 +83,11 @@ public class ApkSignatureSchemeV2Verifier {
|
||
|
|
||
|
private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
|
||
|
|
||
|
+ /**
|
||
|
+ * The maximum number of signers supported by the v2 APK signature scheme.
|
||
|
+ */
|
||
|
+ private static final int MAX_V2_SIGNERS = 10;
|
||
|
+
|
||
|
/**
|
||
|
* Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
|
||
|
*
|
||
|
@@ -188,6 +193,11 @@ public class ApkSignatureSchemeV2Verifier {
|
||
|
}
|
||
|
while (signers.hasRemaining()) {
|
||
|
signerCount++;
|
||
|
+ if (signerCount > MAX_V2_SIGNERS) {
|
||
|
+ throw new SecurityException(
|
||
|
+ "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
|
||
|
+ + " signers");
|
||
|
+ }
|
||
|
try {
|
||
|
ByteBuffer signer = getLengthPrefixedSlice(signers);
|
||
|
X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
|
||
|
diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
|
||
|
index 45254908c5c9..a6aca330d323 100644
|
||
|
--- a/core/java/android/util/jar/StrictJarVerifier.java
|
||
|
+++ b/core/java/android/util/jar/StrictJarVerifier.java
|
||
|
@@ -78,6 +78,11 @@ class StrictJarVerifier {
|
||
|
"SHA1",
|
||
|
};
|
||
|
|
||
|
+ /**
|
||
|
+ * The maximum number of signers supported by the JAR signature scheme.
|
||
|
+ */
|
||
|
+ private static final int MAX_JAR_SIGNERS = 10;
|
||
|
+
|
||
|
private final String jarName;
|
||
|
private final StrictJarManifest manifest;
|
||
|
private final HashMap<String, byte[]> metaEntries;
|
||
|
@@ -293,10 +298,16 @@ class StrictJarVerifier {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
+ int signerCount = 0;
|
||
|
Iterator<String> it = metaEntries.keySet().iterator();
|
||
|
while (it.hasNext()) {
|
||
|
String key = it.next();
|
||
|
if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
|
||
|
+ if (++signerCount > MAX_JAR_SIGNERS) {
|
||
|
+ throw new SecurityException(
|
||
|
+ "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
|
||
|
+ + " signers");
|
||
|
+ }
|
||
|
verifyCertificate(key);
|
||
|
it.remove();
|
||
|
}
|