q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/drivers/char
History
Matt Mackall 5a021e9ffd random: fix bound check ordering (CVE-2007-3105) 
If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2007-07-19 14:21:04 -07:00
..
agp Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart 2007-07-12 13:41:54 -07:00
drm some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
hw_random intel-rng: undo mess made by an 80 column extremist 2007-07-16 09:05:46 -07:00
ip2 unregister_chrdev(): ignore the return value 2007-07-19 10:04:43 -07:00
ipmi some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
mwave [PATCH] mwave: interesting flags savings 2007-02-20 17:10:14 -08:00
pcmcia some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
rio some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
tpm Use menuconfig objects II - TPM 2007-07-16 09:05:40 -07:00
watchdog some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
.gitignore
ChangeLog
Kconfig xen: use the hvc console infrastructure for Xen console 2007-07-18 08:47:44 -07:00
Makefile lguest: the console driver 2007-07-19 10:04:52 -07:00
amiserial.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
apm-emulation.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
applicom.c
applicom.h
briq_panel.c [POWERPC] Remove dead code for preventing pread() and pwrite() calls 2007-07-10 22:03:26 +10:00
cd1865.h
consolemap.c Kernel utf-8 handling 2007-07-16 09:05:46 -07:00
cp437.uni
cs5535_gpio.c Char: cs5535_gpio, add MODULE_DEVICE_TABLE 2007-05-08 11:15:04 -07:00
cyclades.c drivers/*: mark variables with uninitialized_var() 2007-07-17 16:23:19 -04:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1286.c [CHAR] ds1286: Fix handling of seconds in RTC_ALM_SET ioctl. 2007-03-08 01:10:30 +00:00
ds1302.c [PATCH] DS1302: local_irq_disable() is redundant after local_irq_save() 2007-02-12 09:48:30 -08:00
ds1620.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dsp56k.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dtlk.c dtlk: fix error checks in module_init() 2007-05-08 11:15:09 -07:00
ec3104_keyb.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
efirtc.c
epca.c drivers/char: use __set_current_state() 2007-05-08 11:15:13 -07:00
epca.h
epcaconfig.h
esp.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
generic_nvram.c [PATCH] mark struct file_operations const 3 2007-02-12 09:48:45 -08:00
generic_serial.c genericserial: remove bogus optimisation check and dead code paths 2007-07-16 09:05:51 -07:00
genrtc.c Char: genrtc, use wait_event_interruptible 2007-07-16 09:05:44 -07:00
hangcheck-timer.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
hpet.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
hvc_beat.c [POWERPC] Celleb: hypervisor console driver 2007-02-07 14:03:21 +11:00
hvc_console.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
hvc_console.h
hvc_iseries.c [POWERPC] Rename device_is_compatible to of_device_is_compatible 2007-05-07 20:31:14 +10:00
hvc_lguest.c lguest: the console driver 2007-07-19 10:04:52 -07:00
hvc_rtas.c
hvc_vio.c [POWERPC] Rename device_is_compatible to of_device_is_compatible 2007-05-07 20:31:14 +10:00
hvc_xen.c xen: use the hvc console infrastructure for Xen console 2007-07-18 08:47:44 -07:00
hvcs.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
hvsi.c [POWERPC] Rename get_property to of_get_property: partial drivers 2007-04-27 15:51:56 +10:00
i8k.c i386: sched.h inclusion from module.h is baack 2007-05-08 11:15:08 -07:00
ip27-rtc.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
isicom.c Char: isicom, proper variables types 2007-07-17 10:23:10 -07:00
istallion.c Char: istallion, init+locking fixes 2007-07-17 10:23:10 -07:00
keyboard.c Kernel utf-8 handling 2007-07-16 09:05:46 -07:00
lcd.c [CHAR] lcd: Fix two warnings. 2007-03-17 01:03:26 +00:00
lcd.h [MIPS] Add MTD device support for Cobalt 2007-02-20 17:11:55 +00:00
lp.c ROUND_UP macro cleanup in drivers/char/lp.c 2007-05-08 11:15:08 -07:00
mbcs.c mbcs: Remove lots of global symbols 2007-07-19 10:04:43 -07:00
mbcs.h mbcs: Remove lots of global symbols 2007-07-19 10:04:43 -07:00
mem.c Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2007-07-10 14:48:43 -07:00
misc.c Make /proc/misc use seq_list_xxx helpers 2007-07-16 09:05:42 -07:00
mmtimer.c [IA64-SN2][KJ] mmtimer.c-kzalloc 2007-05-08 11:53:27 -07:00
moxa.c Char: moxa, eliminate busy waiting 2007-07-17 10:23:10 -07:00
mspec.c mspec_mmap: don't set VM_LOCKED 2007-07-16 09:05:36 -07:00
mxser.c serial: remove termios checks from various old char serial drivers 2007-07-16 09:05:52 -07:00
mxser.h [PATCH] mxser: remove ambiguous redefinition of INIT_WORK 2007-02-11 10:51:25 -08:00
mxser_new.c serial: remove termios checks from various old char serial drivers 2007-07-16 09:05:52 -07:00
mxser_new.h [PATCH] Char: mxser_new, upgrade to 1.9.15 2007-02-11 10:51:29 -08:00
n_hdlc.c Char: n_hdlc, allow RESTARTSYS retval of tty write 2007-07-16 09:05:43 -07:00
n_r3964.c Char: n_r3964, use wait_event_interruptible 2007-07-16 09:05:44 -07:00
n_tty.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
nsc_gpio.c [PATCH] struct path: convert char-drivers 2006-12-08 08:28:44 -08:00
nvram.c COBALT: remove all references to Cobalt NVRAM 2007-07-16 09:05:47 -07:00
nwbutton.c [PATCH] Char: timers cleanup 2007-02-12 09:48:30 -08:00
nwbutton.h
nwflash.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
pc8736x_gpio.c
ppdev.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
pty.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
random.c random: fix bound check ordering (CVE-2007-3105) 2007-07-19 14:21:04 -07:00
raw.c [PATCH] raw: don't allow the creation of a raw device with minor number 0 2007-02-11 10:51:34 -08:00
riscom8.c Char: riscom8, eliminate busy loop 2007-07-17 10:23:10 -07:00
riscom8.h
riscom8_reg.h
rocket.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
rocket.h
rocket_int.h Kill unused sesssion and group values in rocket driver 2007-05-11 08:29:36 -07:00
rtc.c RTC: Ratelimit "lost interrupts" message 2007-07-16 09:05:43 -07:00
scc.h
scx200_gpio.c
selection.c Kernel utf-8 handling 2007-07-16 09:05:46 -07:00
ser_a2232.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c drivers/char: use __set_current_state() 2007-05-08 11:15:13 -07:00
snsc.c
snsc.h
snsc_event.c [IA64] drivers/char/snsc_event.c:206: warning: unused variable `p' 2007-05-10 13:23:05 -07:00
sonypi.c remove sonypi_camera_command() 2007-07-16 09:05:46 -07:00
specialix.c Char: specialix, remove busy waiting 2007-07-17 10:23:10 -07:00
specialix_io8.h
stallion.c unregister_chrdev(): ignore the return value 2007-07-19 10:04:43 -07:00
sx.c sx: switch subven and subid values 2007-07-10 17:51:13 -07:00
sx.h [PATCH] Char: sx, request regions 2006-12-08 08:28:59 -08:00
sxboards.h
sxwindow.h
synclink.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
synclink_gt.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
synclinkmp.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
sysrq.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
tb0219.c [PATCH] struct path: convert char-drivers 2006-12-08 08:28:44 -08:00
tipar.c layered parport code uses parport->dev 2007-05-08 11:15:05 -07:00
tlclk.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
toshiba.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
tty_audit.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
tty_io.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
tty_ioctl.c Char: tty_ioctl, little whitespace cleanup 2007-07-16 09:05:44 -07:00
vc_screen.c use mutex instead of semaphore in virtual console driver 2007-05-08 11:15:33 -07:00
viocons.c [POWERPC] iSeries: fix viocons init 2006-12-20 16:37:48 +11:00
viotape.c unregister_chrdev(): ignore the return value 2007-07-19 10:04:43 -07:00
vme_scc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
vr41xx_giu.c [MIPS] Separate platform_device registration for VR41xx GPIO 2007-07-12 17:41:15 +01:00
vt.c Fix the graphic corruption issue on IA64 machines 2007-07-17 10:23:13 -07:00
vt_ioctl.c drivers/char: use __set_current_state() 2007-05-08 11:15:13 -07:00