[release-branch.go1.17] crypto/rand: properly handle large Read on windows - go

diff options

author	Roland Shoemaker <roland@golang.org>	2022-04-25 19:02:35 -0700
committer	Alex Rakoczy <alex@golang.org>	2022-05-25 19:26:16 +0000
commit	2be03d789de905a4b050ff5f3a51b724e1b09494 (patch)
tree	c7b85c81b9cf6aa0fa9c3de63ae5bb36b5919137 /src/os/exec/exec.go
parent	65701ad2b430466dd4bd6e1df107f81c0f8ee9cb (diff)
download	go-2be03d789de905a4b050ff5f3a51b724e1b09494.tar.gz go-2be03d789de905a4b050ff5f3a51b724e1b09494.zip

[release-branch.go1.17] crypto/rand: properly handle large Read on windows

Use the batched reader to chunk large Read calls on windows to a max of 1 << 31 - 1 bytes. This prevents an infinite loop when trying to read more than 1 << 32 -1 bytes, due to how RtlGenRandom works. This change moves the batched function from rand_unix.go to rand.go, since it is now needed for both windows and unix implementations. Updates #52561 Fixes #52932 Fixes CVE-2022-30634 Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473 Reviewed-on: https://go-review.googlesource.com/c/go/+/402257 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <valsorda@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit bb1f4416180511231de6d17a1f2f55c82aafc863) Reviewed-on: https://go-review.googlesource.com/c/go/+/406635 Reviewed-by: Damien Neil <dneil@google.com>

Diffstat (limited to 'src/os/exec/exec.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: