Skip to content

Commit 4316a09

Browse files
claudeclaude
committed
fix(ui): add max password length to prevent DoS
1 parent 5c8a19e commit 4316a09

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

ui/packages/shared/helpers/getEntropy.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -178,7 +178,8 @@ function getSecureRandomInt(max: number): number {
178178

179179
export function generatePassword(length: number = 16): string {
180180
const minLength = 4
181-
const actualLength = Math.max(length, minLength)
181+
const maxLength = 128
182+
const actualLength = Math.max(Math.min(length, maxLength), minLength)
182183

183184
const lowercase = 'abcdefghijklmnopqrstuvwxyz'
184185
const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'

0 commit comments

Comments
 (0)