diff options
author | Roland Shoemaker <roland@golang.org> | 2022-04-25 19:02:35 -0700 |
---|---|---|
committer | Alex Rakoczy <alex@golang.org> | 2022-05-25 19:26:16 +0000 |
commit | 2be03d789de905a4b050ff5f3a51b724e1b09494 (patch) | |
tree | c7b85c81b9cf6aa0fa9c3de63ae5bb36b5919137 /src/crypto/rand/rand_batched.go | |
parent | 65701ad2b430466dd4bd6e1df107f81c0f8ee9cb (diff) | |
download | go-2be03d789de905a4b050ff5f3a51b724e1b09494.tar.gz go-2be03d789de905a4b050ff5f3a51b724e1b09494.zip |
[release-branch.go1.17] crypto/rand: properly handle large Read on windows
Use the batched reader to chunk large Read calls on windows to a max of
1 << 31 - 1 bytes. This prevents an infinite loop when trying to read
more than 1 << 32 -1 bytes, due to how RtlGenRandom works.
This change moves the batched function from rand_unix.go to rand.go,
since it is now needed for both windows and unix implementations.
Updates #52561
Fixes #52932
Fixes CVE-2022-30634
Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473
Reviewed-on: https://go-review.googlesource.com/c/go/+/402257
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit bb1f4416180511231de6d17a1f2f55c82aafc863)
Reviewed-on: https://go-review.googlesource.com/c/go/+/406635
Reviewed-by: Damien Neil <dneil@google.com>
Diffstat (limited to 'src/crypto/rand/rand_batched.go')
-rw-r--r-- | src/crypto/rand/rand_batched.go | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/src/crypto/rand/rand_batched.go b/src/crypto/rand/rand_batched.go index d7c5bf3562..8df715fdd1 100644 --- a/src/crypto/rand/rand_batched.go +++ b/src/crypto/rand/rand_batched.go @@ -8,6 +8,7 @@ package rand import ( + "errors" "internal/syscall/unix" ) @@ -16,20 +17,6 @@ func init() { altGetRandom = batched(getRandomBatch, maxGetRandomRead) } -// batched returns a function that calls f to populate a []byte by chunking it -// into subslices of, at most, readMax bytes. -func batched(f func([]byte) bool, readMax int) func([]byte) bool { - return func(buf []byte) bool { - for len(buf) > readMax { - if !f(buf[:readMax]) { - return false - } - buf = buf[readMax:] - } - return len(buf) == 0 || f(buf) - } -} - // If the kernel is too old to support the getrandom syscall(), // unix.GetRandom will immediately return ENOSYS and we will then fall back to // reading from /dev/urandom in rand_unix.go. unix.GetRandom caches the ENOSYS @@ -37,7 +24,10 @@ func batched(f func([]byte) bool, readMax int) func([]byte) bool { // If the kernel supports the getrandom() syscall, unix.GetRandom will block // until the kernel has sufficient randomness (as we don't use GRND_NONBLOCK). // In this case, unix.GetRandom will not return an error. -func getRandomBatch(p []byte) (ok bool) { +func getRandomBatch(p []byte) error { n, err := unix.GetRandom(p, 0) - return n == len(p) && err == nil + if n != len(p) { + return errors.New("short read") + } + return err } |