diff options
author | Roland Shoemaker <roland@golang.org> | 2022-04-25 19:02:35 -0700 |
---|---|---|
committer | Alex Rakoczy <alex@golang.org> | 2022-05-25 19:26:16 +0000 |
commit | 2be03d789de905a4b050ff5f3a51b724e1b09494 (patch) | |
tree | c7b85c81b9cf6aa0fa9c3de63ae5bb36b5919137 /src/crypto/rand/rand_windows.go | |
parent | 65701ad2b430466dd4bd6e1df107f81c0f8ee9cb (diff) | |
download | go-2be03d789de905a4b050ff5f3a51b724e1b09494.tar.gz go-2be03d789de905a4b050ff5f3a51b724e1b09494.zip |
[release-branch.go1.17] crypto/rand: properly handle large Read on windows
Use the batched reader to chunk large Read calls on windows to a max of
1 << 31 - 1 bytes. This prevents an infinite loop when trying to read
more than 1 << 32 -1 bytes, due to how RtlGenRandom works.
This change moves the batched function from rand_unix.go to rand.go,
since it is now needed for both windows and unix implementations.
Updates #52561
Fixes #52932
Fixes CVE-2022-30634
Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473
Reviewed-on: https://go-review.googlesource.com/c/go/+/402257
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit bb1f4416180511231de6d17a1f2f55c82aafc863)
Reviewed-on: https://go-review.googlesource.com/c/go/+/406635
Reviewed-by: Damien Neil <dneil@google.com>
Diffstat (limited to 'src/crypto/rand/rand_windows.go')
-rw-r--r-- | src/crypto/rand/rand_windows.go | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/src/crypto/rand/rand_windows.go b/src/crypto/rand/rand_windows.go index 7379f1489a..6c0655c72b 100644 --- a/src/crypto/rand/rand_windows.go +++ b/src/crypto/rand/rand_windows.go @@ -9,7 +9,6 @@ package rand import ( "internal/syscall/windows" - "os" ) func init() { Reader = &rngReader{} } @@ -17,16 +16,11 @@ func init() { Reader = &rngReader{} } type rngReader struct{} func (r *rngReader) Read(b []byte) (n int, err error) { - // RtlGenRandom only accepts 2**32-1 bytes at a time, so truncate. - inputLen := uint32(len(b)) - - if inputLen == 0 { - return 0, nil - } - - err = windows.RtlGenRandom(b) - if err != nil { - return 0, os.NewSyscallError("RtlGenRandom", err) + // RtlGenRandom only returns 1<<32-1 bytes at a time. We only read at + // most 1<<31-1 bytes at a time so that this works the same on 32-bit + // and 64-bit systems. + if err := batched(windows.RtlGenRandom, 1<<31-1)(b); err != nil { + return 0, err } - return int(inputLen), nil + return len(b), nil } |