Re: [PATCH 2.4] random poolsize sysctl fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Vasily,

On Fri, May 20, 2005 at 09:32:48AM +0400, Vasily Averin wrote:
> Hello Marcelo,
> 
> SWSoft Linux kernel Team has discovered that your patch 
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@41e2c4fetTJmVti-Xxql21xXjfbpag
> which should fix a random poolsize sysctl handler integer overflow, is 
> wrong.
> You have changed a variable definition in function proc_do_poolsize(), 
> but you had to fix an another function, poolsize_strategy()

Ouch. Shame on me.

Recent v2.4 versions aren't vulnerable, at least on i386, where copy_from_user() 
does signed overflow checking.

Patch applied, thanks.

> --- ./drivers/char/random.c.rndps	Wed Jan 19 17:09:48 2005
> +++ ./drivers/char/random.c	Fri May 20 09:09:18 2005
> @@ -1771,7 +1771,7 @@ static int change_poolsize(int poolsize)
>  static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
>  			    void *buffer, size_t *lenp)
>  {
> -	unsigned int	ret;
> +	int	ret;
>  
>  	sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>  
> @@ -1787,7 +1787,7 @@ static int poolsize_strategy(ctl_table *
>  			     void *oldval, size_t *oldlenp,
>  			     void *newval, size_t newlen, void **context)
>  {
> -	int	len;
> +	unsigned int	len;
>  	
>  	sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>  

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux