diff options
author | Sami Tolvanen | 2015-01-27 10:48:35 -0600 |
---|---|---|
committer | Sami Tolvanen | 2015-01-27 11:19:35 -0600 |
commit | 7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c (patch) | |
tree | 2a8e39637027635f9ea36504b37573b2e23cdf17 /libsync | |
parent | a76f057af81b7a03c9c18af0bcb763f7e7f03fbf (diff) | |
download | platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.gz platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.tar.xz platform-system-core-7b9c20d3b2aad8b2f67de9478d3d44cc6deff52c.zip |
Verify token length before adb signs it
Currently, a host running adb will sign a token of any length passed
to it by a device, effectively acting as a signing oracle. If the
ADB_VENDOR_KEYS environment variable is used to specify an additional
key to use, this behavior is not only unexpected, but probably also
unwanted. Further discussion can be found from this thread:
http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html
This change adds a check to ensure token length matches TOKEN_SIZE
before it's signed, which prevents an attacker from signing longer
messages.
Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
Diffstat (limited to 'libsync')
0 files changed, 0 insertions, 0 deletions