random: fix bound check ordering (CVE-2007-3105) (5a021e9f) · Commits · hpc / Old_Soft / kernel

Commit 5a021e9f authored Jul 19, 2007 by

Matt Mackall Committed by Linus Torvalds Jul 19, 2007

random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent f745bb1c

Hide whitespace changes

Inline Side-by-side

Please register or to comment