diff options
author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2022-05-12 16:45:58 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-12 16:45:58 +0300 |
commit | 32139610c5e11ee84c71cc1db3e58523f749aa27 (patch) | |
tree | 015a97fa4209e186a6433650d3440bb5bdf7f89e /lib/private/Security/SecureRandom.php | |
parent | 33ffaad14bd15c8f6ed370b28bc83feec4f69980 (diff) | |
parent | 01dbd22c9c2347fffc28240e4a1bd9ccf509a24b (diff) |
Merge pull request #32355 from nextcloud/bugfix/noid/prevent-invalid-length
Validate requested length is random string generator
Diffstat (limited to 'lib/private/Security/SecureRandom.php')
-rw-r--r-- | lib/private/Security/SecureRandom.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/private/Security/SecureRandom.php b/lib/private/Security/SecureRandom.php index 4bf8995d737..cbd1dc8db6d 100644 --- a/lib/private/Security/SecureRandom.php +++ b/lib/private/Security/SecureRandom.php @@ -40,14 +40,19 @@ use OCP\Security\ISecureRandom; */ class SecureRandom implements ISecureRandom { /** - * Generate a random string of specified length. + * Generate a secure random string of specified length. * @param int $length The length of the generated string * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string + * @throws \LengthException if an invalid length is requested */ public function generate(int $length, string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'): string { + if ($length <= 0) { + throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0'); + } + $maxCharIndex = \strlen($characters) - 1; $randomString = ''; |