From 8c0020b092996ef5e3d95c415c86006ca1a2e55a Mon Sep 17 00:00:00 2001
From: Scott Kirkwood <scottkirkwood@chromium.org>
Date: Tue, 17 Oct 2017 19:52:09 +0000
Subject: [PATCH] Add new limits for extra field, updated test file.

Bug: 775160
Change-Id: Ic0f2a818386c78cf7b610035f7841f08e5477ab9
Reviewed-on: https://chromium-review.googlesource.com/723783
Reviewed-by: Peter Kotwicz <pkotwicz@chromium.org>
Commit-Queue: Scott Kirkwood <scottkirkwood@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509491}
---
 .../lib/client/WebApkVerifySignature.java     |   5 +++--
 .../data/webapks/extra-field-too-large.apk    | Bin 19805 -> 23918 bytes
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java
index 3728f27dcfd4..5f0f061ba80e 100644
--- a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java
+++ b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java
@@ -83,8 +83,9 @@ public class WebApkVerifySignature {
     /** Maximum file comment length permitted. */
     private static final int MAX_FILE_COMMENT_LENGTH = 0;
 
-    /** Maximum extra field length permitted. */
-    private static final int MAX_EXTRA_LENGTH = 8;
+    /** Maximum extra field length permitted.
+     * Support .so alignment and a 64 bytes bytes for any extras. */
+    private static final int MAX_EXTRA_LENGTH = 4096 + 64;
 
     /** The memory buffer we are going to read the zip from. */
     private final ByteBuffer mBuffer;
diff --git a/chrome/test/data/webapks/extra-field-too-large.apk b/chrome/test/data/webapks/extra-field-too-large.apk
index a996735d96032f53a35e5282307ea027dfd5a008..ac0c061a6983e2a2368f19c401fd8859ebe9fc7a 100644
GIT binary patch
delta 298
zcmcaRi}Bqq#to-rm|O)WpOMjJauk?csJm@)gYI$~;;zlivXdDnuk_O0d|u9&k%^sQ
za;lCFv*}Id$^T`<H~TA8Ffy`Dj`h|93NcNR727PTWXHtFK6!_?K3vfvmDx-{MRw|{
zj6fx#o9oqeScKUaic*X7ON)|Ii}ezVij#rbHy_b{EXTB24`^FBi?9I$*s93}-daqT
y4JXHVM>0j4Oy2Gt#cXHJ05nW_vbm2I(=zMH$v#$0K8};;`^YkFiI}|4XFdSQ=x(C`

delta 254
zcmaF2i}CI(#to-rn0Oc_pOMjJ<6r=R$q5GHoBeeg7#VpcU(nOxFujQ+&abZk5;ri=
zhpOJ3V9*Z|`Cw?k4pGOjS<xtj2`F?jS|3&Oev{cC@n~~ZxY9;*M;1vQhN9Hs{L-T2
z)MCBFqT*zjjSQQwT0fR!s*;<0UQc&&UzEV)?@?0B&*T|^_CxrA(NfH-6&ZlG>w)Fh
vL`yN5t4ux-9mTAu&H%JYd9p{07E{0W<dPUGCTqjV8)9Uc7JE!SA2S~S6ahwM