summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorVincent Petry <vincent@nextcloud.com>2022-05-12 13:58:18 +0200
committerVincent Petry <vincent@nextcloud.com>2022-05-12 13:58:18 +0200
commit01dbd22c9c2347fffc28240e4a1bd9ccf509a24b (patch)
tree015a97fa4209e186a6433650d3440bb5bdf7f89e /lib
parent33ffaad14bd15c8f6ed370b28bc83feec4f69980 (diff)
downloadnextcloud-server-01dbd22c9c2347fffc28240e4a1bd9ccf509a24b.tar.gz
nextcloud-server-01dbd22c9c2347fffc28240e4a1bd9ccf509a24b.zip
Validate requested length is random string generator
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/SecureRandom.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/private/Security/SecureRandom.php b/lib/private/Security/SecureRandom.php
index 4bf8995d737..cbd1dc8db6d 100644
--- a/lib/private/Security/SecureRandom.php
+++ b/lib/private/Security/SecureRandom.php
@@ -40,14 +40,19 @@ use OCP\Security\ISecureRandom;
*/
class SecureRandom implements ISecureRandom {
/**
- * Generate a random string of specified length.
+ * Generate a secure random string of specified length.
* @param int $length The length of the generated string
* @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used.
* @return string
+ * @throws \LengthException if an invalid length is requested
*/
public function generate(int $length,
string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'): string {
+ if ($length <= 0) {
+ throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0');
+ }
+
$maxCharIndex = \strlen($characters) - 1;
$randomString = '';