Description: crypto: drbg - null pointer dereference
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1485815 (not accessible)
https://bugzilla.redhat.com/show_bug.cgi?id=1514609
Notes:
bwh> Clearly we can't apply the upstream fix for this, but need to guard
bwh> against the null pointer somehow. I can't work out which pointer
bwh> can be null though.
bwh> I've now looked at the RHEL 7 update, and the comment indicates
bwh> that the vulnerable code is in crypto/drbg.c. I verified that
bwh> it does have a weird special case for slen == 0 && seed != NULL
bwh> which no other RNG does. This was added in mainline in 3.17 and
bwh> then backported to RHEL's 3.10 branch.
Bugs:
upstream: released (4.2-rc1) [94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6]
4.9-upstream-stable: N/A "Fixed before branching point"
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.2.1-1)
4.9-stretch-security: N/A "Fixed before branching point"
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"