| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <28540.1197705241@turing-police.cc.vt.edu>
Date: Sat, 15 Dec 2007 02:54:01 -0500
From: Valdis.Kletnieks@...edu
To: Matti Linnanvuori <mattilinnanvuori@...oo.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: /dev/urandom uses uninit bytes, leaks user data
On Fri, 14 Dec 2007 23:20:30 PST, Matti Linnanvuori said:
> From: Matti Linnanvuori <mattilinnnvuori@...oo.com>
>
> /dev/urandom use no uninit bytes, leak no user data
>
> Signed-off-by: Matti Linnanvuori <mattilinnnvuori@...oo.com>
>
> ---
>
> --- a/drivers/char/random.c 2007-12-15 09:09:37.895414000 +0200
> +++ b/drivers/char/random.c 2007-12-15 09:12:02.607831500 +0200
> @@ -689,7 +689,7 @@ static ssize_t extract_entropy(struct en
> */
> static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
> {
> - __u32 tmp[OUTPUT_POOL_WORDS];
> + static __u32 tmp[OUTPUT_POOL_WORDS];
This looks like a race waiting to happen - what lock is held so we don't have
'tmp' smashed by 2 instances on different CPUs (not a problem when each
instance lives on a hopefully separate stack)?
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists