Memory corruption with 2.3.18

Pete Zaitcev (zaitcev@metabyte.com)
Sat, 18 Sep 1999 13:15:38 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrea Arcangeli: "Re: kflushd rewrite..."
Previous message: Mr. James W. Laferriere: "Re: Probable bug in handling disabled network interfaces (2.2.12)"

Hello,

I am sorry if it was rehashed before. I am running Linux/sparc, gcc 2.7.2.3.
The following patch fixes a memory corruption and crash:

Index: drivers/char/random.c
diff -u -r1.39 random.c
--- drivers/char/random.c 1999/09/01 08:04:15 1.39
+++ drivers/char/random.c 1999/09/18 19:08:20
@@ -2012,7 +2012,7 @@
if (!rekey_time || (tv.tv_sec - rekey_time) > REKEY_INTERVAL) {
rekey_time = tv.tv_sec;
/* First three words are overwritten below. */
- get_random_bytes(&secret+3, sizeof(secret)-12);
+ get_random_bytes(&secret[3], sizeof(secret)-12);
count = (tv.tv_sec/REKEY_INTERVAL) << HASH_BITS;
}

I cannot believe nobody hit it before, I must have missed a linux-kernel
thread. &secret+3 produces a pointer at three sizes of the array away
and way over the array boundaries.

--Pete

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrea Arcangeli: "Re: kflushd rewrite..."
Previous message: Mr. James W. Laferriere: "Re: Probable bug in handling disabled network interfaces (2.2.12)"