[PATCH] random: overflow fix

Zwane reports an oops duie to add_entropy_words running off the top of the stack reading its input. The overrun is harmless until it causes a page fault. Looks like I introduced this bug in Aug 2003, but it was hard to trigger until the recent changes. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] random: overflow fix
Zwane reports an oops duie to add_entropy_words running off the top of the stack reading its input. The overrun is harmless until it causes a page fault. Looks like I introduced this bug in Aug 2003, but it was hard to trigger until the recent changes. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2121b2ec · Matt Mackall · Linus Torvalds · c04f9ab5 · 2121b2ec
Commit 2121b2ec authored Feb 01, 2005 by Matt Mackall Committed by Linus Torvalds Feb 01, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/char/random.c drivers/char/random.c +1 -1

No files found.
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1322,7 +1322,7 @@ static inline void xfer_secondary_pool(struct entropy_store *r,

 		bytes=extract_entropy(random_state, tmp, bytes,
 				      EXTRACT_ENTROPY_LIMIT);
-		add_entropy_words(r, tmp, bytes);
+		add_entropy_words(r, tmp, (bytes + 3) / 4);
 		credit_entropy_store(r, bytes*8);
 	}
 }