crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1 #52561

Closed
@rolandshoemaker

Description

Passing a buffer larger than 1<<32 - 1 to crypto/rand.Read hangs on Windows due to an infinite loop because of how batching works with RtlGenRandom. Since RtlGenRandom only supports reading at most 1<<32 - 1 bytes at a time, rngReader truncates the requested number of bytes to uint32(len(b)) (or len(b) % 1 << 32). After the first call, which will return len(b) % 1 << 32 bytes, the truncation will always result in 0, causing the infinite loop.

Since this requires such a large buffer, this has minimal impact, since it's incredibly unlikely anyone actually wants this much randomness (and there are no paths from the remotely reachable libraries where this can be realistically triggered.)

This is CVE-2022-30634.
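The truncation described in the issue, modelled on lengths only so that no 4 GiB buffer is needed. This is an added example, not code from the Go source tree: `fill`, `truncatingRead` and `cappedRead` are hypothetical names, and clamping the request size is an assumed way to avoid the stall, not necessarily the change that was merged.

```go
package main

import "fmt"

// Most bytes a single RtlGenRandom call can produce, per the issue.
const maxPerCall = 1<<32 - 1

// truncatingRead models the reported behaviour: the request size is cast
// to uint32, so a call yields only remaining % 1<<32 bytes.
func truncatingRead(remaining uint64) uint64 {
	return uint64(uint32(remaining))
}

// cappedRead clamps the request to the per-call limit instead of wrapping it.
func cappedRead(remaining uint64) uint64 {
	if remaining > maxPerCall {
		return maxPerCall
	}
	return remaining
}

// fill models a caller that keeps reading until total bytes are filled.
// A call that makes no progress is reported as a stall; the real loop
// would spin forever at that point.
func fill(total uint64, read func(uint64) uint64) (filled uint64, calls int, stalled bool) {
	for filled < total {
		n := read(total - filled)
		calls++
		if n == 0 {
			return filled, calls, true
		}
		filled += n
	}
	return filled, calls, false
}

func main() {
	total := uint64(1<<32 + 16) // constructed size just over the limit
	f, c, s := fill(total, truncatingRead)
	fmt.Printf("truncating: filled=%d calls=%d stalled=%v\n", f, c, s)
	f, c, s = fill(total, cappedRead)
	fmt.Printf("capped:     filled=%d calls=%d stalled=%v\n", f, c, s)
}
```

A read loop that treats a zero-byte, no-error result as a failure, as `fill` does here, turns this class of bug into an error instead of a hang.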
