Merge "Limit the number of supported v1 and v2 signers" into rvc-dev am: 00f3afecdb am: d8cdf2d931 am: b4784aeb00 am: 027abf1925 am: 6cc59ca486 am: 35b54f3b44

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22390145 Change-Id: I2468339653c3f47d8d86954377e4b84605b2f44b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Michael Groover <mpgroover@google.com> 2023-04-05 04:21:07 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-04-05 04:21:07 +0000
commit: 7bf6db07e7566e38dff46f85fd7171fc58355c26 (patch)
tree: a7a80c5c973249739ccbe571aff02d00c7c3cc3a
parent: 2cbc7777cf65b76502d4045bd86d1448a5eff0da (diff)
parent: 35b54f3b44412aee30303dd3c2a1ce52e08707ee (diff)
2 files changed, 21 insertions, 0 deletions
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
index c8c1fd4eba21..9801559854f9 100644
--- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
@@ -75,6 +75,11 @@ public class ApkSignatureSchemeV2Verifier {
     private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
 
     /**
+     * The maximum number of signers supported by the v2 APK signature scheme.
+     */
+    private static final int MAX_V2_SIGNERS = 10;
+
+    /**
      * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
      *
      * <p><b>NOTE: This method does not verify the signature.</b>
@@ -182,6 +187,11 @@ public class ApkSignatureSchemeV2Verifier {
         }
         while (signers.hasRemaining()) {
             signerCount++;
+            if (signerCount > MAX_V2_SIGNERS) {
+                throw new SecurityException(
+                        "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
+                                + " signers");
+            }
             try {
                 ByteBuffer signer = getLengthPrefixedSlice(signers);
                 X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
index 45254908c5c9..a6aca330d323 100644
--- a/core/java/android/util/jar/StrictJarVerifier.java
+++ b/core/java/android/util/jar/StrictJarVerifier.java
@@ -78,6 +78,11 @@ class StrictJarVerifier {
         "SHA1",
     };
 
+    /**
+     * The maximum number of signers supported by the JAR signature scheme.
+     */
+    private static final int MAX_JAR_SIGNERS = 10;
+
     private final String jarName;
     private final StrictJarManifest manifest;
     private final HashMap<String, byte[]> metaEntries;
@@ -293,10 +298,16 @@ class StrictJarVerifier {
             return false;
         }
 
+        int signerCount = 0;
         Iterator<String> it = metaEntries.keySet().iterator();
         while (it.hasNext()) {
             String key = it.next();
             if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
+                if (++signerCount > MAX_JAR_SIGNERS) {
+                    throw new SecurityException(
+                            "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
+                                    + " signers");
+                }
                 verifyCertificate(key);
                 it.remove();
             }
author	Michael Groover <mpgroover@google.com>	2023-04-05 04:21:07 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-04-05 04:21:07 +0000
commit	7bf6db07e7566e38dff46f85fd7171fc58355c26 (patch)
tree	a7a80c5c973249739ccbe571aff02d00c7c3cc3a
parent	2cbc7777cf65b76502d4045bd86d1448a5eff0da (diff)
parent	35b54f3b44412aee30303dd3c2a1ce52e08707ee (diff)