From 9694657967c7fb62a74c187d01e1aaed1f2db7ac Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Mon, 19 Dec 2016 10:52:52 -0800 Subject: [PATCH] Permit 65535 byte ZIP comments and empty Central Directory This fixes two cosmetic issues in APK Signature Scheme v2 signature verifier in Android Package Manager: * Accept APKs with ZIP End of Central Directory comment of length 65535. Previously, only comments of length 65534 were accepted due to a off by one bug. * Accept APKs with empty ZIP Central Directory. These issues should not affect actual APKs because they cannot have an empty ZIP Central Directory (they must contain at least the AndroidManifest.xml entry) and shouldn't contain any comments in ZIP End of Central Directory. Test: cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --skip-connectivity-check --abi arm64-v8a --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest Change-Id: I461c43472fa97c04e7579d129a6053e44233adb7 --- core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java | 2 +- core/java/android/util/apk/ZipUtils.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java index 78d3b7bf81d28..0216a0752a9c8 100644 --- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java +++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java @@ -579,7 +579,7 @@ public class ApkSignatureSchemeV2Verifier { throws SignatureNotFoundException { // Look up the offset of ZIP Central Directory. long centralDirOffset = ZipUtils.getZipEocdCentralDirectoryOffset(eocd); - if (centralDirOffset >= eocdOffset) { + if (centralDirOffset > eocdOffset) { throw new SignatureNotFoundException( "ZIP Central Directory offset out of range: " + centralDirOffset + ". ZIP End of Central Directory offset: " + eocdOffset); diff --git a/core/java/android/util/apk/ZipUtils.java b/core/java/android/util/apk/ZipUtils.java index cdbac1802377d..fa5477e4190bc 100644 --- a/core/java/android/util/apk/ZipUtils.java +++ b/core/java/android/util/apk/ZipUtils.java @@ -160,7 +160,7 @@ abstract class ZipUtils { } int maxCommentLength = Math.min(archiveSize - ZIP_EOCD_REC_MIN_SIZE, UINT16_MAX_VALUE); int eocdWithEmptyCommentStartPosition = archiveSize - ZIP_EOCD_REC_MIN_SIZE; - for (int expectedCommentLength = 0; expectedCommentLength < maxCommentLength; + for (int expectedCommentLength = 0; expectedCommentLength <= maxCommentLength; expectedCommentLength++) { int eocdStartPos = eocdWithEmptyCommentStartPosition - expectedCommentLength; if (zipContents.getInt(eocdStartPos) == ZIP_EOCD_REC_SIG) {