From 3b0f4847762a208e6cd166d420e15b0bf013e612 Mon Sep 17 00:00:00 2001
From: Steve Kondik
Date: Wed, 9 Dec 2009 01:31:06 -0500
Subject: [PATCH] Security: Fix typo in recovery EOCD detection. This issue results in the ability to modify the contents of a signed OTA recovery image.
---
 verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/verifier.c b/verifier.c
index f2491a1..164fb4a 100644
--- a/verifier.c
+++ b/verifier.c
@@ -123,7 +123,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
 int i;
 for (i = 4; i < eocd_size-3; ++i) {
 if (eocd[i ] == 0x50 && eocd[i+1] == 0x4b &&
- eocd[i+2] == 0x05 && eocd[i+1] == 0x06) {
+ eocd[i+2] == 0x05 && eocd[i+3] == 0x06) {
 // if the sequence $50 $4b $05 $06 appears anywhere after
 // the real one, minzip will find the later (wrong) one,
 // which could be exploitable. Fail verification if
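Review bot: The four index-by-index byte comparisons in the `if` inside the `for (i = 4; ...)` loop are the form that let the `i+1`/`i+3` slip go unnoticed, and the corrected line keeps that form. Comparing the signature as a unit, `if (memcmp(eocd + i, "\x50\x4b\x05\x06", 4) == 0) {`, removes the repeated indices (it needs `<string.h>`; the file's includes are outside the hunk). Because this scan is what keeps the verifier and minzip agreeing on which end-of-central-directory record is the real one, it should be pinned by a regression test in which a signed package carrying a second `50 4b 05 06` sequence after the real record fails verification. `int i` is also compared against `eocd_size-3`; if `eocd_size` is an unsigned type (its declaration is not visible here), a value below 3 would wrap, so confirm that a minimum size is enforced earlier in the function. verify_file's body starts and ends outside the hunk.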