-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1 #52561
Comments
Change https://go.dev/cl/402257 mentions this issue: |
@gopherbot please open backport issues, this is a minor security issue. |
Backport issue(s) opened: #52932 (for 1.17), #52933 (for 1.18). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
Change https://go.dev/cl/406635 mentions this issue: |
Change https://go.dev/cl/406634 mentions this issue: |
…handle large Read on windows Use the batched reader to chunk large Read calls on windows to a max of 1 << 31 - 1 bytes. This prevents an infinite loop when trying to read more than 1 << 32 -1 bytes, due to how RtlGenRandom works. This change moves the batched function from rand_unix.go to rand.go, since it is now needed for both windows and unix implementations. Updates #52561 Fixes #52933 Fixes CVE-2022-30634 Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473 Reviewed-on: https://go-review.googlesource.com/c/go/+/402257 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <valsorda@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit bb1f441) Reviewed-on: https://go-review.googlesource.com/c/go/+/406634 Reviewed-by: Damien Neil <dneil@google.com>
…ndows Use the batched reader to chunk large Read calls on windows to a max of 1 << 31 - 1 bytes. This prevents an infinite loop when trying to read more than 1 << 32 -1 bytes, due to how RtlGenRandom works. This change moves the batched function from rand_unix.go to rand.go, since it is now needed for both windows and unix implementations. Updates #52561 Fixes #52932 Fixes CVE-2022-30634 Change-Id: Id98fc4b1427e5cb2132762a445b2aed646a37473 Reviewed-on: https://go-review.googlesource.com/c/go/+/402257 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <valsorda@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit bb1f441) Reviewed-on: https://go-review.googlesource.com/c/go/+/406635 Reviewed-by: Damien Neil <dneil@google.com>
Passing a buffer larger than 1<<32 - 1 to
crypto/rand.Read
hangs on windows due to an infinite loop because of how batching works withRtlGenRandom
. SinceRtlGenRandom
only supports reading at most 1<<32 - 1 bytes at a time,rngReader
truncates the requested number of bytes touint32(len(b))
(orlen(b) % 1 << 32
). After the first call, which will returnlen(b) % 1 << 32
bytes, the truncation will always result in 0, causing the infinite loop.Since this requires such a large buffer, this has minimal impact, since it's incredibly unlikely anyone actually wants this much randomness (and there are no paths from the remotely reachable libraries where this can be realistically triggered.)
This is CVE-2022-30634.
The text was updated successfully, but these errors were encountered: