From a0c7798c7dd0ec537a6ed3b964103a9ad94d2040 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 22 Mar 2022 10:51:54 +0100
Subject: Limit the length of app password names

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Authentication/Token/Manager.php                | 4 ++++
 lib/private/Authentication/Token/PublicKeyTokenProvider.php | 4 ++++
 2 files changed, 8 insertions(+)

(limited to 'lib/private')

diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 0a7a821e23e..ae0874733f8 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -61,6 +61,10 @@ class Manager implements IProvider {
 								  string $name,
 								  int $type = IToken::TEMPORARY_TOKEN,
 								  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+		if (mb_strlen($name) > 128) {
+			throw new InvalidTokenException('The given name is too long');
+		}
+
 		try {
 			return $this->publicKeyTokenProvider->generateToken(
 				$token,
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index d2ee47cf380..26337029d77 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider {
 								  string $name,
 								  int $type = IToken::TEMPORARY_TOKEN,
 								  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+		if (mb_strlen($name) > 128) {
+			throw new InvalidTokenException('The given name is too long');
+		}
+
 		$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
 		$this->mapper->insert($dbToken);
 
-- 
cgit v1.2.3