refactor(crypto): validate max random bytes in Rust (#10857)

1 files changed, 11 insertions, 6 deletions

diff --git a/extensions/crypto/lib.rs b/extensions/crypto/lib.rs
index bf4174f75..0ec7f4717 100644
--- a/extensions/crypto/lib.rs
+++ b/extensions/crypto/lib.rs
@@ -1,6 +1,5 @@
 // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
 
-use deno_core::error::null_opbuf;
 use deno_core::error::AnyError;
 use deno_core::include_js_files;
 use deno_core::op_sync;
@@ -39,10 +38,16 @@ pub fn init(maybe_seed: Option<u64>) -> Extension {
 
 pub fn op_crypto_get_random_values(
   state: &mut OpState,
-  _args: (),
-  zero_copy: Option<ZeroCopyBuf>,
+  mut zero_copy: ZeroCopyBuf,
+  _: (),
 ) -> Result<(), AnyError> {
-  let mut zero_copy = zero_copy.ok_or_else(null_opbuf)?;
+  if zero_copy.len() > 65536 {
+    return Err(
+      deno_web::DomExceptionQuotaExceededError::new(&format!("The ArrayBufferView's byte length ({}) exceeds the number of bytes of entropy available via this API (65536)", zero_copy.len()))
+        .into(),
+    );
+  }
+
   let maybe_seeded_rng = state.try_borrow_mut::<StdRng>();
   if let Some(seeded_rng) = maybe_seeded_rng {
     seeded_rng.fill(&mut *zero_copy);
@@ -56,8 +61,8 @@ pub fn op_crypto_get_random_values(
 
 pub fn op_crypto_random_uuid(
   state: &mut OpState,
-  _args: (),
-  _zero_copy: (),
+  _: (),
+  _: (),
 ) -> Result<String, AnyError> {
   let maybe_seeded_rng = state.try_borrow_mut::<StdRng>();
   let uuid = if let Some(seeded_rng) = maybe_seeded_rng {