Commit a07b2d4a authored by dsnopek's avatar dsnopek

Issue #2982173: [genpass] Add D6LTS patch for SA-CONTRIB-2018-042

parent aac412f0
diff --git a/genpass.module b/genpass.module
index b35b1d9..5d31623 100644
--- a/genpass.module
+++ b/genpass.module
@@ -26,17 +26,16 @@ function genpass_generate() {
}
/**
- * Generate a new password using genpass's internal password generation
- * algorithm.
- * Based on the original D6 user_password function (with more characters)
+ * Generates random password.
*
- * @return a fresh password according to the settings made in /admin/user/settings
+ * @see user_password()
*
- * @see genpass_form_alter()
+ * @return string
+ * The random string.
*/
function genpass_password() {
$pass = '';
- $length = variable_get('genpass_length', 8);
+ $length = variable_get('genpass_length', 12);
$allowable_characters = variable_get('genpass_entropy', _genpass_default_entropy());
// Zero-based count of characters in the allowable list:
@@ -44,9 +43,14 @@ function genpass_password() {
// Loop the number of times specified by $length.
for ($i = 0; $i < $length; $i++) {
+ do {
+ // Find a secure random number within the range needed.
+ $index = ord(drupal_random_bytes(1));
+ } while ($index > $len);
+
// Each iteration, pick a random character from the
// allowable string and append it to the password:
- $pass .= $allowable_characters[mt_rand(0, $len)];
+ $pass .= $allowable_characters[$index];
}
return $pass;
@@ -90,7 +94,7 @@ function genpass_form_alter(&$form, $form_state, $form_id) {
$form['registration']['genpass_length'] = array(
'#type' => 'textfield',
'#title' => t('Generated password length'),
- '#default_value' => variable_get('genpass_length', 8),
+ '#default_value' => variable_get('genpass_length', 12),
'#size' => 2,
'#maxlength' => 2,
'#description' => t('Set the length of generated passwords here. Allowed range: 5 to 32.'),
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment