* [PATCH 2.4] random poolsize sysctl fix
@ 2005-05-20 5:32 Vasily Averin
2005-05-20 10:53 ` Marcelo Tosatti
0 siblings, 1 reply; 2+ messages in thread
From: Vasily Averin @ 2005-05-20 5:32 UTC (permalink / raw)
To: Marcelo Tosatti, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 403 bytes --]
Hello Marcelo,
SWSoft Linux kernel Team has discovered that your patch
http://linux.bkbits.net:8080/linux-2.4/gnupatch@41e2c4fetTJmVti-Xxql21xXjfbpag
which should fix a random poolsize sysctl handler integer overflow, is
wrong.
You have changed a variable definition in function proc_do_poolsize(),
but you had to fix an another function, poolsize_strategy()
Vasily Averin
SWSoft Linux kernel Team
[-- Attachment #2: diff-security-rndpoolsize-20050520 --]
[-- Type: text/plain, Size: 630 bytes --]
--- ./drivers/char/random.c.rndps Wed Jan 19 17:09:48 2005
+++ ./drivers/char/random.c Fri May 20 09:09:18 2005
@@ -1771,7 +1771,7 @@ static int change_poolsize(int poolsize)
static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
void *buffer, size_t *lenp)
{
- unsigned int ret;
+ int ret;
sysctl_poolsize = random_state->poolinfo.POOLBYTES;
@@ -1787,7 +1787,7 @@ static int poolsize_strategy(ctl_table *
void *oldval, size_t *oldlenp,
void *newval, size_t newlen, void **context)
{
- int len;
+ unsigned int len;
sysctl_poolsize = random_state->poolinfo.POOLBYTES;
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH 2.4] random poolsize sysctl fix
2005-05-20 5:32 [PATCH 2.4] random poolsize sysctl fix Vasily Averin
@ 2005-05-20 10:53 ` Marcelo Tosatti
0 siblings, 0 replies; 2+ messages in thread
From: Marcelo Tosatti @ 2005-05-20 10:53 UTC (permalink / raw)
To: Vasily Averin; +Cc: linux-kernel
Hi Vasily,
On Fri, May 20, 2005 at 09:32:48AM +0400, Vasily Averin wrote:
> Hello Marcelo,
>
> SWSoft Linux kernel Team has discovered that your patch
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@41e2c4fetTJmVti-Xxql21xXjfbpag
> which should fix a random poolsize sysctl handler integer overflow, is
> wrong.
> You have changed a variable definition in function proc_do_poolsize(),
> but you had to fix an another function, poolsize_strategy()
Ouch. Shame on me.
Recent v2.4 versions aren't vulnerable, at least on i386, where copy_from_user()
does signed overflow checking.
Patch applied, thanks.
> --- ./drivers/char/random.c.rndps Wed Jan 19 17:09:48 2005
> +++ ./drivers/char/random.c Fri May 20 09:09:18 2005
> @@ -1771,7 +1771,7 @@ static int change_poolsize(int poolsize)
> static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
> void *buffer, size_t *lenp)
> {
> - unsigned int ret;
> + int ret;
>
> sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>
> @@ -1787,7 +1787,7 @@ static int poolsize_strategy(ctl_table *
> void *oldval, size_t *oldlenp,
> void *newval, size_t newlen, void **context)
> {
> - int len;
> + unsigned int len;
>
> sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-05-20 16:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-05-20 5:32 [PATCH 2.4] random poolsize sysctl fix Vasily Averin
2005-05-20 10:53 ` Marcelo Tosatti
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox