From 66b0847602ffa47575371f4d5a9a04dc6013ba49 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Mon, 23 Aug 2021 23:41:45 +0900
Subject: [PATCH] Check the reading size range

---
 random.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/random.c b/random.c
index a474e8aa05..b873d0593e 100644
--- a/random.c
+++ b/random.c
@@ -538,6 +538,11 @@ fill_random_bytes_syscall(void *buf, size_t size, int unused)
 #endif
 }
 #elif defined(_WIN32)
+
+#ifndef DWORD_MAX
+# define DWORD_MAX (~(DWORD)0UL)
+#endif
+
 # if defined(CRYPT_VERIFYCONTEXT)
 STATIC_ASSERT(sizeof_HCRYPTPROV, sizeof(HCRYPTPROV) == sizeof(size_t));
 
@@ -580,7 +585,12 @@ fill_random_bytes_crypt(void *seed, size_t size)
 	}
     }
     if (prov == INVALID_HCRYPTPROV) return -1;
-    CryptGenRandom(prov, size, seed);
+    while (size > 0) {
+        DWORD n = (size > (size_t)DWORD_MAX) ? DWORD_MAX : (DWORD)size;
+        if (!CryptGenRandom(prov, n, seed)) return -1;
+        seed = (char *)seed + n;
+        size -= n;
+    }
     return 0;
 }
 # else
@@ -590,9 +600,14 @@ fill_random_bytes_crypt(void *seed, size_t size)
 static int
 fill_random_bytes_bcrypt(void *seed, size_t size)
 {
-    if (!BCryptGenRandom(NULL, seed, size, BCRYPT_USE_SYSTEM_PREFERRED_RNG))
-	return 0;
-    return -1;
+    while (size > 0) {
+        ULONG n = (size > (size_t)ULONG_MAX) ? LONG_MAX : (ULONG)size;
+        if (BCryptGenRandom(NULL, seed, n, BCRYPT_USE_SYSTEM_PREFERRED_RNG))
+            return -1;
+        seed = (char *)seed + n;
+        size -= n;
+    }
+    return 0;
 }
 
 static int