random: check for increase of entropy_count because of signed conversion
authorHannes Frederic Sowa <hannes@stressinduktion.org>
Fri, 18 Jul 2014 21:26:41 +0000 (17:26 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Sat, 19 Jul 2014 05:42:13 +0000 (01:42 -0400)
commit79a8468747c5f95ed3d5ce8376a3e82e0c5857fc
treec84aca1e2222c1966b62bd87f9b702f7782b8f9c
parent1795cd9b3a91d4b5473c97f491d63892442212ab
random: check for increase of entropy_count because of signed conversion

The expression entropy_count -= ibytes << (ENTROPY_SHIFT + 3) could
actually increase entropy_count if during assignment of the unsigned
expression on the RHS (mind the -=) we reduce the value modulo
2^width(int) and assign it to entropy_count. Trinity found this.

[ Commit modified by tytso to add an additional safety check for a
  negative entropy_count -- which should never happen, and to also add
  an additional paranoia check to prevent overly large count values to
  be passed into urandom_read().  ]

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
drivers/char/random.c