d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a buffer overrun in /dev/random which, due to the nature of the

Browse Source 
kernel memory allocator, is harmless. This could be a problem for
other systems, though. I've modified Darren's patch a little.

Original patch by: Darren Schack, Isilon Systems, Inc <darrens@isilon.com>
Also analysed by:  SGI, and in particular Divy Le Ray of SGI
OK'ed by:          re(rwatson)
This commit is contained in:
markm 2002-12-12 17:38:45 +00:00
parent 041d1287e8
commit 824369dc3e
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/dev/random/yarrow.c
View File

@ -253,6 +253,7 @@ read_random_real(void *buf, int count)
static int cur = 0; static int cur = 0;
static int gate = 1; static int gate = 1;
static u_char genval[KEYSIZE]; static u_char genval[KEYSIZE];
size_t tomove;
int i; int i;
int retval; int retval;
@ -270,14 +271,14 @@ read_random_real(void *buf, int count)
random_state.counter[0]++; random_state.counter[0]++;
yarrow_encrypt(&random_state.key, random_state.counter, yarrow_encrypt(&random_state.key, random_state.counter,
genval); genval);
memcpy((char *)buf + i, genval, tomove = min(count - i, sizeof(random_state.counter));
sizeof(random_state.counter)); memcpy((char *)buf + i, genval, tomove);
if (++random_state.outputblocks >= if (++random_state.outputblocks >=
random_state.gengateinterval) { random_state.gengateinterval) {
generator_gate(); generator_gate();
random_state.outputblocks = 0; random_state.outputblocks = 0;
} }
retval += (int)sizeof(random_state.counter); retval += (int)tomove;
} }
} }
else { else {