diff options
author | David Pursehouse <david.pursehouse@sonymobile.com> | 2014-11-26 00:23:57 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2014-11-26 00:23:59 +0000 |
commit | d5d56d971a5a6732e1aa07347fbb198cdafb2ca3 (patch) | |
tree | 07813ca987f502ad90ad83e958400008de1cc400 | |
parent | 2b2d62b1d1704b639287fc62fe87bedf2cab85bf (diff) | |
parent | d1732a11bfb354145edc8c7b39e5b6f6ac9b416b (diff) |
Merge changes If70bf233,Ie90ccc80 into stable-2.9
* changes:
Increase the size of HTTP passwords
Do not throw away random bytes from the CSPRNG
-rw-r--r-- | Documentation/rest-api-accounts.txt | 2 | ||||
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/Documentation/rest-api-accounts.txt b/Documentation/rest-api-accounts.txt index 28014295f9..2276e40dc1 100644 --- a/Documentation/rest-api-accounts.txt +++ b/Documentation/rest-api-accounts.txt @@ -269,7 +269,7 @@ Retrieves the HTTP password of an account. Content-Type: application/json;charset=UTF-8 )]}' - "ETxgpih8xrNs" + "Qmxlc21ydCB1YmVyIGFsbGVzIGluIGRlciBXZWx0IQ" ---- If the account does not have an HTTP password the response is `404 Not Found`. diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java index f7061e3738..c814fb89ad 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java @@ -43,7 +43,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> { public boolean generate; } - private static final int LEN = 12; + private static final int LEN = 31; private static final SecureRandom rng; static { @@ -124,8 +124,8 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> { rng.nextBytes(rand); byte[] enc = Base64.encodeBase64(rand, false); - StringBuilder r = new StringBuilder(LEN); - for (int i = 0; i < LEN; i++) { + StringBuilder r = new StringBuilder(enc.length); + for (int i = 0; i < enc.length; i++) { if (enc[i] == '=') { break; } |