| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Dec 2013 21:00:51 -0500 From: Greg Price <price@....EDU> To: "Theodore Ts'o" <tytso@....edu> Cc: linux-kernel@...r.kernel.org Subject: [PATCH 01/14] random: fix signedness bug Negative numbers and size_t don't mix. When the total entropy available was less than 'reserved', we would fail to enforce any limit at all. Fix that. We never care how negative have_bytes - reserved is, so just flatten it to zero if negative. This behavior entered in 987cd8c30 "random: simplify accounting code" a few commits ago. Before that, for a long time we would compare have_bytes - reserved (or equivalent) to ibytes or store it into ibytes, but only inside a condition that guaranteed it wasn't negative. Signed-off-by: Greg Price <price@....edu> --- drivers/char/random.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 8cc7d6515..1dd5f2634 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -977,7 +977,8 @@ retry: ibytes = nbytes; /* If limited, never pull more than available */ if (r->limit) - ibytes = min_t(size_t, ibytes, have_bytes - reserved); + ibytes = min_t(size_t, ibytes, + max(0, have_bytes - reserved)); if (ibytes < min) ibytes = 0; entropy_count = max_t(int, 0, -- 1.8.3.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists