crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1

[rolandshoemaker]

Passing a buffer larger than 1<<32 - 1 to crypto/rand.Read hangs on windows due to an infinite loop because of how batching works with RtlGenRandom. Since RtlGenRandom only supports reading at most 1<<32 - 1 bytes at a time, rngReader truncates the requested number of bytes to uint32(len(b)) (or len(b) % 1 << 32). After the first call, which will return len(b) % 1 << 32 bytes, the truncation will always result in 0, causing the infinite loop.

Since this requires such a large buffer, this has minimal impact, since it's incredibly unlikely anyone actually wants this much randomness (and there are no paths from the remotely reachable libraries where this can be realistically triggered.)

This is CVE-2022-30634.

[gopherbot]

Change https://go.dev/cl/402257 mentions this issue: crypto/rand: properly handle large Read on windows

[rolandshoemaker]

@gopherbot please open backport issues, this is a minor security issue.

[gopherbot]

Backport issue(s) opened: #52932 (for 1.17), #52933 (for 1.18).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/406635 mentions this issue: [release-branch.go1.17] crypto/rand: properly handle large Read on windows

[gopherbot]

Change https://go.dev/cl/406634 mentions this issue: [release-branch.go1.18 crypto/rand: properly handle large Read on windows