summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSami Tolvanen2015-01-27 10:48:35 -0600
committerSami Tolvanen2015-01-27 11:19:35 -0600
commit7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c (patch)
tree2a8e39637027635f9ea36504b37573b2e23cdf17 /libsync/sync.c
parenta76f057af81b7a03c9c18af0bcb763f7e7f03fbf (diff)
downloadplatform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.gz
platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.xz
platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.zip
Verify token length before adb signs it
Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
Diffstat (limited to 'libsync/sync.c')
0 files changed, 0 insertions, 0 deletions