From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
Stephan Mueller <stephan.mueller@atsec.com>,
Petr Matousek <pmatouse@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Luis Henriques <luis.henriques@canonical.com>
Subject: [PATCH 3.4 10/39] crypto: ansi_cprng - Fix off by one error in non-block size request
Date: Tue, 26 Nov 2013 16:56:34 -0800 [thread overview]
Message-ID: <20131127005619.763541227@linuxfoundation.org> (raw)
In-Reply-To: <20131127005619.011763867@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Horman <nhorman@tuxdriver.com>
commit 714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream.
Stephan Mueller reported to me recently a error in random number generation in
the ansi cprng. If several small requests are made that are less than the
instances block size, the remainder for loop code doesn't increment
rand_data_valid in the last iteration, meaning that the last bytes in the
rand_data buffer gets reused on the subsequent smaller-than-a-block request for
random data.
The fix is pretty easy, just re-code the for loop to make sure that
rand_data_valid gets incremented appropriately
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
CC: Stephan Mueller <stephan.mueller@atsec.com>
CC: Petr Matousek <pmatouse@redhat.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/ansi_cprng.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -230,11 +230,11 @@ remainder:
*/
if (byte_count < DEFAULT_BLK_SZ) {
empty_rbuf:
- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
- ctx->rand_data_valid++) {
+ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
*ptr = ctx->rand_data[ctx->rand_data_valid];
ptr++;
byte_count--;
+ ctx->rand_data_valid++;
if (byte_count == 0)
goto done;
}
next prev parent reply other threads:[~2013-11-27 0:57 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-27 0:56 [PATCH 3.4 00/39] 3.4.71-stable review Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 01/39] vfs,proc: guarantee unique inodes in /proc Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 02/39] nfs: dont allow nfs_find_actor to match inodes of the wrong type Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 03/39] libertas: potential oops in debugfs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 04/39] aacraid: prevent invalid pointer dereference Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 05/39] ACPICA: Interpreter: Fix Store() when implicit conversion is not possible Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 06/39] ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 07/39] ACPICA: Return error if DerefOf resolves to a null package element Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 08/39] ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 09/39] USB: mos7840: fix tiocmget error handling Greg Kroah-Hartman
2013-11-27 0:56 ` Greg Kroah-Hartman [this message]
2013-11-27 0:56 ` [PATCH 3.4 11/39] can: c_can: Fix RX message handling, handle lost message before EOB Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 12/39] 8139cp: re-enable interrupts after tx timeout Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 14/39] SUNRPC handle EKEYEXPIRED in call_refreshresult Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 15/39] SUNRPC: dont map EKEYEXPIRED to EACCES " Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 16/39] Nest rename_lock inside vfsmount_lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 17/39] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 18/39] include/linux/fs.h: disable preempt when acquire i_size_seqcount write lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 19/39] perf/ftrace: Fix paranoid level for enabling function tracer Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 20/39] rt2x00: check if device is still available on rt2x00mac_flush() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 21/39] Revert "ima: policy for RAMFS" Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 22/39] exec/ptrace: fix get_dumpable() incorrect tests Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 23/39] ALSA: 6fire: Fix probe of multiple cards Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 24/39] ALSA: msnd: Avoid duplicated driver name Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 25/39] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 26/39] nfsd: split up nfsd_setattr Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 27/39] nfsd: make sure to balance get/put_write_access Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 28/39] x86/microcode/amd: Tone down printk(), dont treat a missing firmware file as an error Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 29/39] hwmon: (lm90) Fix max6696 alarm handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 30/39] block: fix race between request completion and timeout handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 31/39] block: fix a probe argument to blk_register_region Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 32/39] block: properly stack underlying max_segment_size to DM device Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 33/39] powerpc/vio: use strcpy in modalias_show Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 34/39] powerpc/powernv: Add PE to its own PELTV Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 35/39] powerpc/signals: Mark VSX not saved with small contexts Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 36/39] SUNRPC: Fix a data corruption issue when retransmitting RPC calls Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 37/39] rt2800usb: slow down TX status polling Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 38/39] configfs: fix race between dentry put and lookup Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 39/39] cris: media platform drivers: fix build Greg Kroah-Hartman
2013-11-27 4:14 ` [PATCH 3.4 00/39] 3.4.71-stable review Guenter Roeck
2013-11-27 22:29 ` Shuah Khan
2013-11-28 10:54 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131127005619.763541227@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=luis.henriques@canonical.com \
--cc=nhorman@tuxdriver.com \
--cc=pmatouse@redhat.com \
--cc=stable@vger.kernel.org \
--cc=stephan.mueller@atsec.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.