/dev/urandom uses uninit bytes, leaks user data - Kernel

This is a discussion on /dev/urandom uses uninit bytes, leaks user data - Kernel ; From: Matti Linnanvuori /dev/urandom use no uninit bytes, leak no user data Signed-off-by: Matti Linnanvuori --- --- a/drivers/char/random.c 2007-12-15 09:09:37.895414000 +0200 +++ b/drivers/char/random.c 2007-12-15 09:12:02.607831500 +0200 @@ -689,7 +689,7 @@ static ssize_t extract_entropy(struct en */ static void xfer_secondary_pool(struct entropy_store *r, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: /dev/urandom uses uninit bytes, leaks user data

  1. /dev/urandom uses uninit bytes, leaks user data

    From: Matti Linnanvuori

    /dev/urandom use no uninit bytes, leak no user data

    Signed-off-by: Matti Linnanvuori

    ---

    --- a/drivers/char/random.c 2007-12-15 09:09:37.895414000 +0200
    +++ b/drivers/char/random.c 2007-12-15 09:12:02.607831500 +0200
    @@ -689,7 +689,7 @@ static ssize_t extract_entropy(struct en
    */
    static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
    {
    - __u32 tmp[OUTPUT_POOL_WORDS];
    + static __u32 tmp[OUTPUT_POOL_WORDS];

    if (r->pull && r->entropy_count < nbytes * 8 &&
    r->entropy_count < r->poolinfo->POOLBITS) {




    Machen Sie Yahoo! zu Ihrer Startseite. Los geht's:
    http://de.yahoo.com/set
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: /dev/urandom uses uninit bytes, leaks user data

    On Fri, 14 Dec 2007 23:20:30 PST, Matti Linnanvuori said:
    > From: Matti Linnanvuori
    >
    > /dev/urandom use no uninit bytes, leak no user data
    >
    > Signed-off-by: Matti Linnanvuori
    >
    > ---
    >
    > --- a/drivers/char/random.c 2007-12-15 09:09:37.895414000 +0200
    > +++ b/drivers/char/random.c 2007-12-15 09:12:02.607831500 +0200
    > @@ -689,7 +689,7 @@ static ssize_t extract_entropy(struct en
    > */
    > static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
    > {
    > - __u32 tmp[OUTPUT_POOL_WORDS];
    > + static __u32 tmp[OUTPUT_POOL_WORDS];


    This looks like a race waiting to happen - what lock is held so we don't have
    'tmp' smashed by 2 instances on different CPUs (not a problem when each
    instance lives on a hopefully separate stack)?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.7 (GNU/Linux)
    Comment: Exmh version 2.5 07/13/2001

    iD8DBQFHY4gZcC3lWbTT17ARAixZAJ0SB4Ql7S1NVUTmQEPxB+ XSCpviVgCcCw6i
    OLqmJSMDuhqxos+gY4TohyA=
    =USA9
    -----END PGP SIGNATURE-----


+ Reply to Thread