From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
Stephan Mueller <stephan.mueller@atsec.com>,
Petr Matousek <pmatouse@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Luis Henriques <luis.henriques@canonical.com>
Subject: [PATCH 3.11 09/36] crypto: ansi_cprng - Fix off by one error in non-block size request
Date: Tue, 26 Nov 2013 10:12:19 -0800 [thread overview]
Message-ID: <20131126181026.956532161@linuxfoundation.org> (raw)
In-Reply-To: <20131126181025.029404973@linuxfoundation.org>
3.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Horman <nhorman@tuxdriver.com>
commit 714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream.
Stephan Mueller reported to me recently a error in random number generation in
the ansi cprng. If several small requests are made that are less than the
instances block size, the remainder for loop code doesn't increment
rand_data_valid in the last iteration, meaning that the last bytes in the
rand_data buffer gets reused on the subsequent smaller-than-a-block request for
random data.
The fix is pretty easy, just re-code the for loop to make sure that
rand_data_valid gets incremented appropriately
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
CC: Stephan Mueller <stephan.mueller@atsec.com>
CC: Petr Matousek <pmatouse@redhat.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/ansi_cprng.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -230,11 +230,11 @@ remainder:
*/
if (byte_count < DEFAULT_BLK_SZ) {
empty_rbuf:
- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
- ctx->rand_data_valid++) {
+ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
*ptr = ctx->rand_data[ctx->rand_data_valid];
ptr++;
byte_count--;
+ ctx->rand_data_valid++;
if (byte_count == 0)
goto done;
}
next prev parent reply other threads:[~2013-11-26 18:12 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-26 18:12 [PATCH 3.11 00/36] 3.11.10-stable review Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 01/36] ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 02/36] libertas: potential oops in debugfs Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 03/36] aacraid: prevent invalid pointer dereference Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 04/36] ACPICA: Return error if DerefOf resolves to a null package element Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 05/36] ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 06/36] USB: mos7840: fix tiocmget error handling Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 07/36] can: kvaser_usb: fix usb endpoints detection Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 08/36] Btrfs: relocate csums properly with prealloc extents Greg Kroah-Hartman
2013-11-26 18:12 ` Greg Kroah-Hartman [this message]
2013-11-26 18:12 ` [PATCH 3.11 10/36] crypto: s390 - Fix aes-cbc IV corruption Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 11/36] can: c_can: Fix RX message handling, handle lost message before EOB Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 12/36] alx: Reset phy speed after resume Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 13/36] ipc,shm: correct error return value in shmctl (SHM_UNLOCK) Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 14/36] ipc,shm: fix shm_file deletion races Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 15/36] drm/nvc0-/gr: fix a number of missing explicit array terminators Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 16/36] thinkpad_acpi: Fix build error when CONFIG_SND_MAX_CARDS > 32 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 17/36] SUNRPC: dont map EKEYEXPIRED to EACCES in call_refreshresult Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 18/36] sched, idle: Fix the idle polling state logic Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 19/36] PCI: Allow PCIe Capability link-related register access for switches Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 20/36] PCI: Remove PCIe Capability version checks Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 21/36] PCI: Support PCIe Capability Slot registers only for ports with slots Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 22/36] perf/ftrace: Fix paranoid level for enabling function tracer Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 23/36] ACPI / EC: Ensure lock is acquired before accessing ec struct members Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 24/36] ACPI / video: Quirk initial backlight level 0 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 25/36] ACPI / hotplug: Fix handle_root_bridge_removal() Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 26/36] ACPI / hotplug: Do not execute "insert in progress" _OST Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 27/36] Staging: zram: Fix access of NULL pointer Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 28/36] staging: comedi: avoid memleak for subdevice private Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 29/36] Drivers: hv: vmbus: Fix a bug in channel rescind code Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 30/36] rt2x00: fix a crash bug in the HT descriptor handling fix Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 31/36] rt2x00: check if device is still available on rt2x00mac_flush() Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 32/36] rt2x00: rt2800lib: fix VGC adjustment for RT5592 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 33/36] rt2x00: fix HT TX descriptor settings regression Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 34/36] Bluetooth: revert: "Bluetooth: Add missing reset_resume dev_pm_ops" Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 35/36] Revert "ima: policy for RAMFS" Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 36/36] exec/ptrace: fix get_dumpable() incorrect tests Greg Kroah-Hartman
2013-11-27 4:12 ` [PATCH 3.11 00/36] 3.11.10-stable review Guenter Roeck
2013-11-27 22:30 ` Shuah Khan
2013-11-28 10:56 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131126181026.956532161@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=luis.henriques@canonical.com \
--cc=nhorman@tuxdriver.com \
--cc=pmatouse@redhat.com \
--cc=stable@vger.kernel.org \
--cc=stephan.mueller@atsec.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox