summaryrefslogtreecommitdiffstats
path: root/adb
diff options
context:
space:
mode:
authorSami Tolvanen2015-01-27 10:48:35 -0600
committerSami Tolvanen2015-01-27 11:19:35 -0600
commit7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c (patch)
tree2a8e39637027635f9ea36504b37573b2e23cdf17 /adb
parenta76f057af81b7a03c9c18af0bcb763f7e7f03fbf (diff)
downloadplatform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.gz
platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.xz
platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.zip
Verify token length before adb signs it
Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
Diffstat (limited to 'adb')
-rw-r--r--adb/adb_auth_host.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/adb/adb_auth_host.c b/adb/adb_auth_host.c
index a85919989..1d486676e 100644
--- a/adb/adb_auth_host.c
+++ b/adb/adb_auth_host.c
@@ -395,6 +395,11 @@ int adb_auth_sign(void *node, void *token, size_t token_size, void *sig)
395 unsigned int len; 395 unsigned int len;
396 struct adb_private_key *key = node_to_item(node, struct adb_private_key, node); 396 struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
397 397
398 if (token_size != TOKEN_SIZE) {
399 D("Unexpected token size %zd\n", token_size);
400 return 0;
401 }
402
398 if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) { 403 if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
399 return 0; 404 return 0;
400 } 405 }