random: fix bound check ordering (CVE-2007-3105) - lwn.git - Linux kernel documentation tree maintained by Jonathan Corbet

diff options

author	Matt Mackall <mpm@selenic.com>	2007-10-07 00:27:53 +0200
committer	Adrian Bunk <bunk@kernel.org>	2007-10-07 00:27:53 +0200
commit	47d9c7762bd6e2d766cba697952f11fba9d5acf6 (patch)
tree	7e487af390ac0624d08f141ebf99b5b544490f39 /include
parent	46f6fdb65fb9a80fa31ab25c5aad3d150bb7c398 (diff)
download	lwn-47d9c7762bd6e2d766cba697952f11fba9d5acf6.tar.gz lwn-47d9c7762bd6e2d766cba697952f11fba9d5acf6.zip

random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Adrian Bunk <bunk@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: