Skip to content
Commit 47d9c776 authored by Matt Mackall's avatar Matt Mackall Committed by Adrian Bunk
Browse files

random: fix bound check ordering (CVE-2007-3105) 



If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Signed-off-by: default avatarMatt Mackall <mpm@selenic.com>
Signed-off-by: default avatarAdrian Bunk <bunk@kernel.org>
parent 46f6fdb6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment