Commit 6cf267dd authored by Dann Frazier's avatar Dann Frazier

* bugfix/random-fix-seeding-with-zero-entropy.patch

  bugfix/random-fix-error-in-entropy-extraction.patch
  [SECURITY] Avoid seeding with the same values at boot time when a
  system has no entropy source and fix a casting error in entropy
  extraction that resulted in slightly less random numbers.
  See CVE-2007-2453

svn path=/dists/etch-security/linux-2.6/; revision=9130
parent a55d3d57
......@@ -20,8 +20,14 @@ linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
* bugfix/dn_fib-out-of-bounds.patch
[SECURITY] Fix out of bounds condition in dn_fib_props[]
See CVE-2007-2172
-- dann frazier <dannf@debian.org> Thu, 12 Jul 2007 23:30:55 -0600
* bugfix/random-fix-seeding-with-zero-entropy.patch
bugfix/random-fix-error-in-entropy-extraction.patch
[SECURITY] Avoid seeding with the same values at boot time when a
system has no entropy source and fix a casting error in entropy
extraction that resulted in slightly less random numbers.
See CVE-2007-2453
-- dann frazier <dannf@debian.org> Fri, 13 Jul 2007 00:06:31 -0600
linux-2.6 (2.6.18.dfsg.1-13) stable; urgency=high
......
commit 602b6aeefe8932dd8bb15014e8fe6bb25d736361
Author: Matt Mackall <mpm@selenic.com>
Date: Tue May 29 21:54:27 2007 -0500
random: fix error in entropy extraction
Fix cast error in entropy extraction.
Add comments explaining the magic 16.
Remove extra confusing loop variable.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Acked-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 46c1b97..9705b43 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -760,7 +760,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
static void extract_buf(struct entropy_store *r, __u8 *out)
{
- int i, x;
+ int i;
__u32 data[16], buf[5 + SHA_WORKSPACE_WORDS];
sha_init(buf);
@@ -772,9 +772,11 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
* attempts to find previous ouputs), unless the hash
* function can be inverted.
*/
- for (i = 0, x = 0; i < r->poolinfo->poolwords; i += 16, x+=2) {
- sha_transform(buf, (__u8 *)r->pool+i, buf + 5);
- add_entropy_words(r, &buf[x % 5], 1);
+ for (i = 0; i < r->poolinfo->poolwords; i += 16) {
+ /* hash blocks of 16 words = 512 bits */
+ sha_transform(buf, (__u8 *)(r->pool + i), buf + 5);
+ /* feed back portion of the resulting hash */
+ add_entropy_words(r, &buf[i % 5], 1);
}
/*
@@ -782,7 +784,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
* portion of the pool while mixing, and hash one
* final time.
*/
- __add_entropy_words(r, &buf[x % 5], 1, data);
+ __add_entropy_words(r, &buf[i % 5], 1, data);
sha_transform(buf, (__u8 *)data, buf + 5);
/*
commit 7f397dcdb78d699a20d96bfcfb595a2411a5bbd2
Author: Matt Mackall <mpm@selenic.com>
Date: Tue May 29 21:58:10 2007 -0500
random: fix seeding with zero entropy
Add data from zero-entropy random_writes directly to output pools to
avoid accounting difficulties on machines without entropy sources.
Tested on lguest with all entropy sources disabled.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Acked-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
# Backported to Debian's 2.6.18 by dann frazier <dannf@debian.org>
--- linux-source-2.6.18/drivers/char/random.c.orig 2006-09-19 21:42:06.000000000 -0600
+++ linux-source-2.6.18/drivers/char/random.c 2007-07-12 23:57:12.000000000 -0600
@@ -1017,37 +1017,44 @@ random_poll(struct file *file, poll_tabl
return mask;
}
-static ssize_t
-random_write(struct file * file, const char __user * buffer,
- size_t count, loff_t *ppos)
+static int
+write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
{
- int ret = 0;
size_t bytes;
__u32 buf[16];
const char __user *p = buffer;
- size_t c = count;
- while (c > 0) {
- bytes = min(c, sizeof(buf));
+ while (count > 0) {
+ bytes = min(count, sizeof(buf));
+ if (copy_from_user(&buf, p, bytes))
+ return -EFAULT;
- bytes -= copy_from_user(&buf, p, bytes);
- if (!bytes) {
- ret = -EFAULT;
- break;
- }
- c -= bytes;
+ count -= bytes;
p += bytes;
- add_entropy_words(&input_pool, buf, (bytes + 3) / 4);
- }
- if (p == buffer) {
- return (ssize_t)ret;
- } else {
- struct inode *inode = file->f_dentry->d_inode;
- inode->i_mtime = current_fs_time(inode->i_sb);
- mark_inode_dirty(inode);
- return (ssize_t)(p - buffer);
+ add_entropy_words(r, buf, (bytes + 3) / 4);
}
+
+ return 0;
+}
+
+static ssize_t
+random_write(struct file * file, const char __user * buffer,
+ size_t count, loff_t *ppos)
+{
+ size_t ret;
+ struct inode *inode = file->f_path.dentry->d_inode;
+
+ ret = write_pool(&blocking_pool, buffer, count);
+ if (ret)
+ return ret;
+ ret = write_pool(&nonblocking_pool, buffer, count);
+ if (ret)
+ return ret;
+
+ inode->i_mtime = current_fs_time(inode->i_sb);
+ mark_inode_dirty(inode);
+ return (ssize_t)count;
}
static int
@@ -1086,8 +1093,8 @@ random_ioctl(struct inode * inode, struc
return -EINVAL;
if (get_user(size, p++))
return -EFAULT;
- retval = random_write(file, (const char __user *) p,
- size, &file->f_pos);
+ retval = write_pool(&input_pool, (const char __user *)p,
+ size);
if (retval < 0)
return retval;
credit_entropy_store(&input_pool, ent_count);
......@@ -5,3 +5,5 @@
+ bugfix/pppoe-socket-release-mem-leak.patch
+ bugfix/nf_conntrack_h323-bounds-checking.patch
+ bugfix/dn_fib-out-of-bounds.patch
+ bugfix/random-fix-seeding-with-zero-entropy.patch
+ bugfix/random-fix-error-in-entropy-extraction.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment