]> git.baikalelectronics.ru Git - kernel.git/commit
random: fix bound check ordering (CVE-2007-3105)
authorMatt Mackall <mpm@selenic.com>
Thu, 19 Jul 2007 18:30:14 +0000 (11:30 -0700)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Thu, 19 Jul 2007 21:21:04 +0000 (14:21 -0700)
commit0d78b05815630543f01183d9efb0ac2f424b7294
tree0d289c7feec4e7b3b19c7c312e8cb31532c5b9c9
parent7d60e01f29c360551822e5485c61139964e267f2
random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/random.c