]> git.hungrycats.org Git - linux/commit
projects / linux / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8adcb4c) | patch
random: fix bound check ordering (CVE-2007-3105)
authorMatt Mackall <mpm@selenic.com>
Mon, 16 Jul 2007 00:10:14 +0000 (17:10 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 15 Aug 2007 16:25:09 +0000 (09:25 -0700)
commitc712842ef701361ed3ee0f50f15797d7369b6628
treeb60cdfdcf3481f42ba94e8640cc37b2db3b55d9ftree | snapshot
parent8adcb4c72176a326b61bbc0a7924d869e52cb116commit | diff
random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/char/random.c diff | blob | history
Linux kernels and configurations used by Zygo.