Description: crypto: drbg - null pointer dereference
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 (not accessible)
 https://bugzilla.redhat.com/show_bug.cgi?id=1514609
Notes:
 bwh> Clearly we can't apply the upstream fix for this, but need to guard
 bwh> against the null pointer somehow.  I can't work out which pointer
 bwh> can be null though.
 bwh> I've now looked at the RHEL 7 update, and the comment indicates
 bwh> that the vulnerable code is in crypto/drbg.c.  I verified that
 bwh> it does have a weird special case for slen == 0 && seed != NULL
 bwh> which no other RNG does.  This was added in mainline in 3.17 and
 bwh> then backported to RHEL's 3.10 branch.
Bugs:
upstream: released (4.2-rc1) [94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6]
4.9-upstream-stable: N/A "Fixed before branching point"
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.2.1-1)
4.9-stretch-security: N/A "Fixed before branching point"
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"