From 8b0b4a2c393d4f37c4f7c6a5e625b880feec579c Mon Sep 17 00:00:00 2001
From: osm0sis
Date: Tue, 5 Nov 2019 02:39:55 -0400
Subject: [PATCH] SignBoot: also catch empty streamed signature as indicating not signed
- compare against new byte[] array as a quick tell, since when streaming from a partition with an unsigned image "signature" would of course read without issue but then remain filled by zero padding, resulting in the following:
java.io.IOException: unexpected end-of-contents marker
 at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source:14)
 at com.topjohnwu.signing.SignBoot$BootSignature.(SignBoot.java:235)
 at com.topjohnwu.signing.SignBoot.verifySignature(SignBoot.java:144)
 at com.topjohnwu.signing.BootSigner.main(BootSigner.java:15)
 at a.a.main(a.java:20)
---
 signing/src/main/java/com/topjohnwu/signing/SignBoot.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
index b717df9b2..3936f8cf3 100644
--- a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
+++ b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
@@ -136,7 +136,7 @@ public class SignBoot {
 // Read footer, which contains the signature
 byte[] signature = new byte[4096];
- if (imgIn.read(signature) == -1) {
+ if (imgIn.read(signature) == -1 || Arrays.equals(signature, new byte [signature.length])) {
 System.err.println("Invalid image: not signed");
 return false;
 }
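Review bot: The result of `imgIn.read(signature)` is still only compared with -1, so a short read, which is plausible on the streamed partition input this commit targets, hands a partly filled footer to the ASN.1 parser, and a validly signed image could then be reported as broken. Filling the buffer in a loop until it is full or the stream ends, and treating zero bytes read as unsigned, removes the dependency on how the stream chunks its data. The all-zero comparison is also a heuristic for one case only: any other non-signature bytes after the image still reach `ASN1InputStream.readObject`, and whether that IOException becomes a `false` result is decided outside this hunk, so it is worth confirming that every unparsable footer fails verification instead of escaping as an exception. The enclosing verifySignature method starts and ends outside the hunk.

```java
byte[] signature = new byte[4096];
// Fill the footer buffer across short reads; stop at end of stream.
int filled = 0;
int n;
while (filled < signature.length
        && (n = imgIn.read(signature, filled, signature.length - filled)) > 0) {
    filled += n;
}
if (filled == 0 || Arrays.equals(signature, new byte[signature.length])) {
    // … unchanged: "Invalid image: not signed" message and return false …
}
```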