author | Matt Mackall <mpm@selenic.com> | 2007-10-07 00:24:49 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@kernel.org> | 2007-10-07 00:24:49 +0200 |
commit | 46f6fdb65fb9a80fa31ab25c5aad3d150bb7c398 (patch) | |
tree | 05c06d9108f4fe6cbde7547042cb5fe46cff0800 /drivers/char | |
parent | 5561123a8a3a55328174164901ef66f7a5ec2130 (diff) |
random: fix seeding with zero entropy (CVE-2007-2453 2 of 2)
Add data from zero-entropy random_writes directly to output pools to
avoid accounting difficulties on machines without entropy sources.
Tested on lguest with all entropy sources disabled.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Acked-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/random.c | 55 |
1 files changed, 31 insertions, 24 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index e237237b3c4..f162618d0f7 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1020,37 +1020,44 @@ random_poll(struct file *file, poll_table * wait)
 return mask;
 }
-static ssize_t
-random_write(struct file * file, const char __user * buffer,
- size_t count, loff_t *ppos)
+static int
+write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
 {
- int ret = 0;
 size_t bytes;
 __u32 buf[16];
 const char __user *p = buffer;
- size_t c = count;
- while (c > 0) {
- bytes = min(c, sizeof(buf));
+ while (count > 0) {
+ bytes = min(count, sizeof(buf));
+ if (copy_from_user(&buf, p, bytes))
+ return -EFAULT;
- bytes -= copy_from_user(&buf, p, bytes);
- if (!bytes) {
- ret = -EFAULT;
- break;
- }
- c -= bytes;
+ count -= bytes;
 p += bytes;
- add_entropy_words(&input_pool, buf, (bytes + 3) / 4);
- }
- if (p == buffer) {
- return (ssize_t)ret;
- } else {
- struct inode *inode = file->f_dentry->d_inode;
- inode->i_mtime = current_fs_time(inode->i_sb);
- mark_inode_dirty(inode);
- return (ssize_t)(p - buffer);
+ add_entropy_words(r, buf, (bytes + 3) / 4);
 }
+
+ return 0;
+}
+
+static ssize_t
+random_write(struct file * file, const char __user * buffer,
+ size_t count, loff_t *ppos)
+{
+ size_t ret;
+ struct inode *inode = file->f_dentry->d_inode;
+
+ ret = write_pool(&blocking_pool, buffer, count);
+ if (ret)
+ return ret;
+ ret = write_pool(&nonblocking_pool, buffer, count);
+ if (ret)
+ return ret;
+
+ inode->i_mtime = current_fs_time(inode->i_sb);
+ mark_inode_dirty(inode);
+ return (ssize_t)count;
 }
 static int
@@ -1089,8 +1096,8 @@ random_ioctl(struct inode * inode, struct file * file,
 return -EINVAL;
 if (get_user(size, p++))
 return -EFAULT;
- retval = random_write(file, (const char __user *) p,
- size, &file->f_pos);
+ retval = write_pool(&input_pool, (const char __user *)p,
+ size);
 if (retval < 0)
 return retval;
 credit_entropy_store(&input_pool, ent_count); |
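Review bot: In the new `random_write`, `size_t ret;` receives the `int` result of `write_pool`, so `-EFAULT` passes through an unsigned variable before being returned as `ssize_t`; declaring it `int ret;` keeps the error path signed and matches `write_pool`'s return type. The user buffer is also copied twice, once per output pool, and a fault during the second `write_pool` call returns `-EFAULT` after the blocking pool has already mixed the data, whereas the removed loop reported the bytes it had consumed. A comment above the two calls, such as `/* zero-entropy write: mix into both output pools, credit nothing */`, would record that this is intentional. In `write_pool`, when `bytes` is not a multiple of 4, `(bytes + 3) / 4` also mixes trailing bytes of `buf` that the current copy did not fill, which deserves a one-line note.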
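Review bot: `size` goes straight from `get_user(size, p++)` into `write_pool`'s `size_t count` with no range check in the visible lines. If `size` is a signed `int` (its declaration is outside the hunk), a negative value converts to a very large count and the copy loop keeps mixing data until `copy_from_user` faults; a guard such as `if (size < 0) return -EINVAL;` before the call would reject it. The following `credit_entropy_store(&input_pool, ent_count)` appears to credit the caller-supplied `ent_count` without relating it to `size`, so it is worth confirming that a bound between the two is enforced elsewhere. The body of `random_ioctl` starts and ends outside the hunk.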