Mon, 16 Nov 2009

This Can't Be Right.

        if (eocd[i  ] == 0x50 && eocd[i+1] == 0x4b &&
            eocd[i+2] == 0x05 && eocd[i+1] == 0x06) {
            // if the sequence $50 $4b $05 $06 appears anywhere after
            // the real one, minzip will find the later (wrong) one,
            // which could be exploitable.  Fail verification if
            // this sequence occurs anywhere after the real one.

A friend who is poking around at Android code came across that and pointed it out to me. I took a look at the git repository and it's still there (git://android.git.kernel.org/platform/bootable/recovery). I don't know any reality where that will ever be true.

posted at: 15:42 | tags: android, typo | path: /entries/geek | permanent link to this entry

About:

Wesley Shields
. (

Links:

• Personal:
  • ~wxs
  • syn.csh
  • nethack.atarininja
• Friends:
  • Shane
  • Crim
  • TXS
  • Chris
  • t0n
  • Nuzz
  • Brock
  • Resig
  • Ryan
  • ramO
  • Goffin
  • Jordan
  • Jeremy
  • SThomas
• Humor:
  • Exploding Dog
  • XKCD
  • Spamusement
  • Qwantz

Pimping:

Contact me | Back to top
© 2008 wxs | (Modified) Design by Andreas Viklund