git.karo-electronics.de Git - karo-tx-linux.git/commit

]> git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Matt Mackall <mpm@selenic.com>
	Sat, 6 Oct 2007 22:27:53 +0000 (00:27 +0200)
committer	Adrian Bunk <bunk@kernel.org>
	Sat, 6 Oct 2007 22:27:53 +0000 (00:27 +0200)
commit	47d9c7762bd6e2d766cba697952f11fba9d5acf6
tree	7e487af390ac0624d08f141ebf99b5b544490f39	tree \| snapshot
parent	46f6fdb65fb9a80fa31ab25c5aad3d150bb7c398	commit \| diff

random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>

drivers/char/random.c

diff | blob | history

Linux kernel for KaRo TX COM modules

RSS Atom