[kernel] r9704 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Nov 8 06:16:44 UTC 2007
Author: dannf
Date: Thu Nov 8 06:16:44 2007
New Revision: 9704
Log:
* 248_random-reseed-sizeof-fix.diff
[SECURITY] Fix a bug in the random driver reseeding code that reduces
entropy by reseeding a smaller buffer size than expected
See CVE-2007-4311
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/248_random-reseed-sizeof-fix.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Thu Nov 8 06:16:44 2007
@@ -31,8 +31,12 @@
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
-
- -- dann frazier <dannf at debian.org> Wed, 07 Nov 2007 23:02:37 -0700
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+
+ -- dann frazier <dannf at debian.org> Wed, 07 Nov 2007 23:13:28 -0700
kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
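Review bot: the new [SECURITY] entry understates the effect the attached patch itself spells out: with sizeof applied to the `__u32 *tmp` parameter, each "catastrophic reseed" refilled only sizeof(pointer) bytes (4 on i386) of the 0x154-byte buffer. Suggest saying so in the entry, e.g. "only sizeof(pointer) bytes of the reseed buffer were refilled instead of the whole buffer", so the CVE-2007-4311 reference can be matched to the root cause without opening the patch. The date bump in the trailer line is consistent with the other entries.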
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/248_random-reseed-sizeof-fix.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/248_random-reseed-sizeof-fix.diff Thu Nov 8 06:16:44 2007
@@ -0,0 +1,85 @@
+From: PaX Team <pageexec at freemail.hu>
+Date: Mon, 18 Jun 2007 08:56:16 +0000 (+0200)
+Subject: [PATCH] random device reseed bugfix, possibly security problem
+X-Git-Tag: v2.4.35-rc1~6
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=66438bd5651e892bc485c32762f7ce75637b686b
+
+[PATCH] random device reseed bugfix, possibly security problem
+
+hello,
+
+recently while trying to figure out something i ran across
+some code in drivers/char/random.c:xfer_secondary_pool() which
+looked wrong and further investigation of history confirmed
+it as well.
+
+the problem is that xfer_secondary_pool() used to use a local
+buffer in the past that was used during the reseed operation
+however when this buffer was moved out to the caller site, the
+sizeof(tmp) code wasn't properly adjusted, therefore the sizeof
+now operates on a pointer type (vs. array) and gives the wrong
+result.
+
+in this case it means that when the code thinks it reseeds the
+entire buffer (0x154 bytes on i386/sha1), it only reseeds
+sizeof(ptr), 4 bytes on i386.
+
+since all this 'catastrophic reseeding' has something to do with
+some (maybe theoretical) attack (i'm not a crypto guy to tell ;),
+i can imagine that this error has some security consequences,
+please treat it as such until confirmed otherwise.
+
+the commit that introduced the bug:
+ http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=1.889.325.12
+
+the attached fix has been in PaX/grsecurity for a few weeks now
+and seems to work.
+
+2.6 doesn't have this bug as the buffer in question is again
+local to the function that uses sizeof on it (i haven't checked
+when it was fixed).
+---
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index fb20310..4f55671 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1246,13 +1246,14 @@ static ssize_t extract_entropy(struct entropy_store *r, void * buf,
+ * at which point we do a "catastrophic reseeding".
+ */
+ static inline void xfer_secondary_pool(struct entropy_store *r,
+- size_t nbytes, __u32 *tmp)
++ size_t nbytes, __u32 *tmp,
++ size_t tmpsize)
+ {
+ if (r->entropy_count < nbytes * 8 &&
+ r->entropy_count < r->poolinfo.POOLBITS) {
+ int nwords = min_t(int,
+ r->poolinfo.poolwords - r->entropy_count/32,
+- sizeof(tmp) / 4);
++ tmpsize / 4);
+
+ DEBUG_ENT("xfer %d from primary to %s (have %d, need %d)\n",
+ nwords * 32,
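Review bot: nothing in the new signature says what `tmpsize` is, yet the whole fix rests on the caller passing the byte size of the buffer `tmp` points to rather than the pointer size that `sizeof(tmp)` produced before. Add a comment on the parameter to that effect, and spell the divisor as `tmpsize / sizeof(__u32)` instead of the bare `/ 4` so the word-size assumption is visible where `nwords` is computed.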
+@@ -1266,9 +1267,9 @@ static inline void xfer_secondary_pool(struct entropy_store *r,
+ if (r->extract_count > 1024) {
+ DEBUG_ENT("reseeding %s with %d from primary\n",
+ r == sec_random_state ? "secondary" : "unknown",
+- sizeof(tmp) * 8);
+- extract_entropy(random_state, tmp, sizeof(tmp), 0);
+- add_entropy_words(r, tmp, sizeof(tmp) / 4);
++ tmpsize * 8);
++ extract_entropy(random_state, tmp, tmpsize, 0);
++ add_entropy_words(r, tmp, tmpsize / 4);
+ r->extract_count = 0;
+ }
+ }
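Review bot: `DEBUG_ENT("reseeding %s with %d from primary\n", ..., tmpsize * 8)` hands a `size_t` product to a `%d` conversion; the replaced `sizeof(tmp) * 8` had the same mismatch, but since the line is being touched anyway, cast to `int` or use `%zu`. Separately, `extract_entropy(random_state, tmp, tmpsize, 0)` fills `tmpsize` bytes while `add_entropy_words(r, tmp, tmpsize / 4)` mixes in only whole words, so a `tmpsize` that is not a multiple of 4 would silently drop the tail; harmless for the one caller in this patch, but worth a comment or a sanity check next to the new parameter.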
+@@ -1300,7 +1301,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void * buf,
+ r->entropy_count = r->poolinfo.POOLBITS;
+
+ if (flags & EXTRACT_ENTROPY_SECONDARY)
+- xfer_secondary_pool(r, nbytes, tmp);
++ xfer_secondary_pool(r, nbytes, tmp, sizeof(tmp));
+
+ DEBUG_ENT("%s has %d bits, want %d bits\n",
+ r == sec_random_state ? "secondary" :
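Review bot: `xfer_secondary_pool(r, nbytes, tmp, sizeof(tmp))` is only correct if `tmp` inside extract_entropy() is an array object and not a pointer, and this hunk does not show its declaration; the patch description says the buffer was moved out to this caller, which is exactly how the bug arose, so confirm the declaration is an array (e.g. `__u32 tmp[...]`) and consider a comment or a compile-time array check at this call so a later move of the buffer cannot reintroduce a pointer-sized sizeof.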
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Thu Nov 8 06:16:44 2007
@@ -7,3 +7,4 @@
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ 246_dn_fib-out-of-bounds.diff
+ 247_reset-pdeathsig-on-suid.diff
++ 248_random-reseed-sizeof-fix.diff
More information about the Kernel-svn-changes mailing list