Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 89f6e24590cf9e9b66f123ee0ce2ae5818ce1aeb
commit89f6e24590cf9e9b66f123ee0ce2ae5818ce1aeb[log] [tgz]
authorDidrik Rokhaug <didrik.rokhaug@gmail.com>Tue Nov 10 17:48:12 2020 +0100
committerMaureen Helm <maureen.helm@nxp.com>Wed Nov 11 15:02:04 2020 -0600
tree9960f5c0951610fd2cc77916c575ddfb9baa90f4
parent202adf565f3ab5561374cfe1e9df123fb2a466f1 [diff]
rand: xoroshiro128: fix buffer overflow

If rand32_xoroshiro128::z_impl_sys_rand_get is called with outlen
not divisible by 4, it will overflow the dst buffer. This happens
because blocksize is not changed from 4 to the difference between
outlen and len. If outlen is < 4, z_impl_sys_rand_get will be stuck
in an infinite loop that keeps writing random bytes outside the buffer.
If outlen is > 4, z_impl_sys_rand_get returns after the correct number
of loops, but it writes every byte to the buffer, not just outlen number
of bytes. This causes the buffer to be overflowed with up to and
including 3 bytes.

Signed-off-by: Didrik Rokhaug <didrik.rokhaug@gmail.com>
1 file changed
tree: 9960f5c0951610fd2cc77916c575ddfb9baa90f4
  1. .buildkite/
  2. .github/
  3. .known-issues/
  4. arch/
  5. boards/
  6. cmake/
  7. doc/
  8. drivers/
  9. dts/
  10. include/
  11. kernel/
  12. lib/
  13. misc/
  14. modules/
  15. samples/
  16. scripts/
  17. share/
  18. soc/
  19. subsys/
  20. tests/
  21. .checkpatch.conf
  22. .clang-format
  23. .codecov.yml
  24. .editorconfig
  25. .gitattributes
  26. .gitignore
  27. .gitlint
  28. .mailmap
  29. .uncrustify.cfg
  30. CMakeLists.txt
  31. CODE_OF_CONDUCT.md
  32. CODEOWNERS
  33. CONTRIBUTING.rst
  34. Kconfig
  35. Kconfig.zephyr
  36. LICENSE
  37. MAINTAINERS.yml
  38. Makefile
  39. README.rst
  40. VERSION
  41. version.h.in
  42. west.yml
  43. zephyr-env.cmd
  44. zephyr-env.sh