Bound maximum size of random_git buffer.

Bryan McQuade · Bryan McQuade · commit 2c38a3113b2a · 2022-04-14T20:47:34.000-04:00
diff --git a/include/proxy-wasm/limits.h b/include/proxy-wasm/limits.h
@@ -23,3 +23,9 @@
 #ifndef PROXY_WASM_HOST_MAX_WASM_MEMORY_SIZE_BYTES
 #define PROXY_WASM_HOST_MAX_WASM_MEMORY_SIZE_BYTES (1024 * 1024 * 1024)
 #endif
+
+// Maximum allowed random_get buffer size. This value is consistent with
+// the JavaScript Crypto.getRandomValues() maximum buffer size.
+#ifndef PROXY_WASM_HOST_WASI_RANDOM_GET_MAX_SIZE_BYTES
+#define PROXY_WASM_HOST_WASI_RANDOM_GET_MAX_SIZE_BYTES (64 * 1024)
+#endif
diff --git a/src/exports.cc b/src/exports.cc
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
+#include "include/proxy-wasm/limits.h"
 #include "include/proxy-wasm/wasm.h"
 
 #include <openssl/rand.h>
@@ -884,6 +885,9 @@ Word wasi_unstable_clock_time_get(Word clock_id, uint64_t /*precision*/,
 
 // __wasi_errno_t __wasi_random_get(uint8_t *buf, size_t buf_len);
 Word wasi_unstable_random_get(Word result_buf_ptr, Word buf_len) {
+  if (buf_len > PROXY_WASM_HOST_WASI_RANDOM_GET_MAX_SIZE_BYTES) {
+    return 28;  // __WASI_EINVAL
+  }
   auto *context = contextOrEffectiveContext();
   std::vector<uint8_t> random(buf_len);
   RAND_bytes(random.data(), random.size());
