Fix a security issue in jitterentropy library

Resolves: rhbz#2015560

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
This commit is contained in:
Vladis Dronov 2021-11-23 20:39:34 +01:00
parent ae9d72e321
commit e6419fa017
3 changed files with 10 additions and 15 deletions

View File

@ -1,26 +1,20 @@
diff -up src/jitterentropy-noise.c.orig src/jitterentropy-noise.c
--- src/jitterentropy-noise.c 2021-11-23 15:42:47.809329173 +0100
+++ src/jitterentropy-noise.c 2021-11-23 15:44:19.820499338 +0100
@@ -188,16 +188,18 @@ static void jent_memaccess(struct rand_d
@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
uint32_t u[4];
uint8_t b[sizeof(uint32_t) * 4];
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
- uint32_t addressMask = ec->memmask;
+ uint32_t addressMask;
+
+ if (NULL == ec || NULL == ec->mem)
+ return;
+
+ addressMask = ec->memmask;
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
uint64_t acc_loop_cnt =
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
if (NULL == ec || NULL == ec->mem)
return;
+ addressMask = ec->memmask;
- if (NULL == ec || NULL == ec->mem)
- return;
-
/*
* Mix the current data into prngState
*

View File

@ -1,6 +1,6 @@
Name: jitterentropy
Version: 3.3.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Library implementing the jitter entropy source
License: BSD or GPLv2
@ -47,8 +47,9 @@ mkdir -p %{buildroot}/usr/include/
%{_mandir}/man3/*
%changelog
* Tue Nov 23 2021 Vladis Dronov <vdronov@redhat.com> - 3.3.1-1
* Tue Nov 23 2021 Vladis Dronov <vdronov@redhat.com> - 3.3.1-2
- Update to the upstream v3.3.1 @ 887c9871 (bz 2015560)
- Fix a security issue found by a covscan in jitterentropy library
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-3.git.409828cf
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags

View File

@ -1,2 +1,2 @@
jitterentropy library does not really have tests.
it is tested as a part of rng-tools tests.
it is tested as a part of rng-tools tests.