crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1 #52561
Labels
Milestone
Comments
rolandshoemaker
added
OS-Windows
NeedsFix
|
Change https://go.dev/cl/402257 mentions this issue: |
|
@gopherbot please open backport issues, this is a minor security issue. |
This was referenced May 16, 2022
|
Backport issue(s) opened: #52932 (for 1.17), #52933 (for 1.18). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
|
Change https://go.dev/cl/406635 mentions this issue: |
|
Change https://go.dev/cl/406634 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
May 25, 2022
…handle large Read on windows Use the batched reader to chunk large Read calls on windows to a max of 1 << 31 - 1 bytes. This prevents an infinite loop when trying to read more than 1 << 32 -1 bytes, due to how RtlGenRandom works. This change moves the batched function from rand_unix.go to rand.go, since it is now needed for both windows and unix implementations. Updates #52561 Fixes #52933 Fixes CVE-2022-30634 Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473 Reviewed-on: https://go-review.googlesource.com/c/go/+/402257 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <valsorda@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit bb1f441) Reviewed-on: https://go-review.googlesource.com/c/go/+/406634 Reviewed-by: Damien Neil <dneil@google.com>
gopherbot
pushed a commit
that referenced
this issue
May 25, 2022
…ndows Use the batched reader to chunk large Read calls on windows to a max of 1 << 31 - 1 bytes. This prevents an infinite loop when trying to read more than 1 << 32 -1 bytes, due to how RtlGenRandom works. This change moves the batched function from rand_unix.go to rand.go, since it is now needed for both windows and unix implementations. Updates #52561 Fixes #52932 Fixes CVE-2022-30634 Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473 Reviewed-on: https://go-review.googlesource.com/c/go/+/402257 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <valsorda@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit bb1f441) Reviewed-on: https://go-review.googlesource.com/c/go/+/406635 Reviewed-by: Damien Neil <dneil@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
rolandshoemaker commentedApr 26, 2022
•
edited
Passing a buffer larger than 1<<32 - 1 to
crypto/rand.Readhangs on windows due to an infinite loop because of how batching works withRtlGenRandom. SinceRtlGenRandomonly supports reading at most 1<<32 - 1 bytes at a time,rngReadertruncates the requested number of bytes touint32(len(b))(orlen(b) % 1 << 32). After the first call, which will returnlen(b) % 1 << 32bytes, the truncation will always result in 0, causing the infinite loop.Since this requires such a large buffer, this has minimal impact, since it's incredibly unlikely anyone actually wants this much randomness (and there are no paths from the remotely reachable libraries where this can be realistically triggered.)
This is CVE-2022-30634.
The text was updated successfully, but these errors were encountered: