This is an automated email from the ASF dual-hosted git repository.
sgarofalo pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new 6d7d4112b0 [SYNCOPE-1780] improve password generation to avoid
BufferOverflowException (#528)
6d7d4112b0 is described below
commit 6d7d4112b0f3ddd53d8a59a41fd0eaff55dff958
Author: Samuel Garofalo <[email protected]>
AuthorDate: Fri Oct 6 16:10:51 2023 +0200
[SYNCOPE-1780] improve password generation to avoid BufferOverflowException
(#528)
---
.../apache/syncope/core/spring/security/DefaultPasswordGenerator.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
index 32954abff1..64f202d153 100644
---
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
+++
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
@@ -180,6 +180,8 @@ public class DefaultPasswordGenerator implements
PasswordGenerator {
new CharacterRule(EnglishCharacterData.Alphabetical,
halfMinLength),
new CharacterRule(EnglishCharacterData.Digit,
halfMinLength));
}
- return
SecureRandomUtils.passwordGenerator().generatePassword(ruleConf.getMinLength(),
characterRules);
+ int min = Math.max(ruleConf.getMinLength(),
+
characterRules.stream().mapToInt(CharacterRule::getNumberOfCharacters).sum());
+ return SecureRandomUtils.passwordGenerator().generatePassword(min,
characterRules);
}
}
