Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit c712842e authored by Matt Mackall's avatar Matt Mackall Committed by Greg Kroah-Hartman
Browse files

random: fix bound check ordering (CVE-2007-3105) 


If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: default avatarMatt Mackall <mpm@selenic.com>
Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 8adcb4c7
Hide whitespace changes
Inline Side-by-side
Showing
with 7 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals