Re: [PATCH 2.4] random poolsize sysctl fix
From: Marcelo Tosatti
Date: Fri May 20 2005 - 11:14:19 EST
Hi Vasily,
On Fri, May 20, 2005 at 09:32:48AM +0400, Vasily Averin wrote:
> Hello Marcelo,
>
> SWSoft Linux kernel Team has discovered that your patch
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@41e2c4fetTJmVti-Xxql21xXjfbpag
> which should fix a random poolsize sysctl handler integer overflow, is
> wrong.
> You have changed a variable definition in function proc_do_poolsize(),
> but you had to fix an another function, poolsize_strategy()
Ouch. Shame on me.
Recent v2.4 versions aren't vulnerable, at least on i386, where copy_from_user()
does signed overflow checking.
Patch applied, thanks.
> --- ./drivers/char/random.c.rndps Wed Jan 19 17:09:48 2005
> +++ ./drivers/char/random.c Fri May 20 09:09:18 2005
> @@ -1771,7 +1771,7 @@ static int change_poolsize(int poolsize)
> static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
> void *buffer, size_t *lenp)
> {
> - unsigned int ret;
> + int ret;
>
> sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>
> @@ -1787,7 +1787,7 @@ static int poolsize_strategy(ctl_table *
> void *oldval, size_t *oldlenp,
> void *newval, size_t newlen, void **context)
> {
> - int len;
> + unsigned int len;
>
> sysctl_poolsize = random_state->poolinfo.POOLBYTES;
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/