diff options
author | Vincent Petry <vincent@nextcloud.com> | 2022-05-12 13:58:18 +0200 |
---|---|---|
committer | Vincent Petry <vincent@nextcloud.com> | 2022-05-12 13:58:18 +0200 |
commit | 01dbd22c9c2347fffc28240e4a1bd9ccf509a24b (patch) | |
tree | 015a97fa4209e186a6433650d3440bb5bdf7f89e /lib | |
parent | 33ffaad14bd15c8f6ed370b28bc83feec4f69980 (diff) | |
download | nextcloud-server-01dbd22c9c2347fffc28240e4a1bd9ccf509a24b.tar.gz nextcloud-server-01dbd22c9c2347fffc28240e4a1bd9ccf509a24b.zip |
Validate requested length is random string generator
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Security/SecureRandom.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/private/Security/SecureRandom.php b/lib/private/Security/SecureRandom.php index 4bf8995d737..cbd1dc8db6d 100644 --- a/lib/private/Security/SecureRandom.php +++ b/lib/private/Security/SecureRandom.php @@ -40,14 +40,19 @@ use OCP\Security\ISecureRandom; */ class SecureRandom implements ISecureRandom { /** - * Generate a random string of specified length. + * Generate a secure random string of specified length. * @param int $length The length of the generated string * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string + * @throws \LengthException if an invalid length is requested */ public function generate(int $length, string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'): string { + if ($length <= 0) { + throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0'); + } + $maxCharIndex = \strlen($characters) - 1; $randomString = ''; |