[pve-devel] [PATCH qemu-server] fix #2457: ga: set-user-password: increase maxLength of password
Dominik Csapak
d.csapak at proxmox.com
Mon Nov 11 16:18:45 CET 2019
sha-512 crypted passwords are longer than 64 byte, and also
it does not make sense to limit passwords to such a short length.
increase to 1024 (should be enough for a while and limits
possible attack surface for the api/guest-agent)
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
PVE/API2/Qemu/Agent.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/API2/Qemu/Agent.pm b/PVE/API2/Qemu/Agent.pm
index 839146c..51fb0d8 100644
--- a/PVE/API2/Qemu/Agent.pm
+++ b/PVE/API2/Qemu/Agent.pm
@@ -227,7 +227,7 @@ __PACKAGE__->register_method({
type => 'string',
description => 'The new password.',
minLength => 5,
- maxLength => 64,
+ maxLength => 1024,
},
crypted => {
type => 'boolean',
--
2.20.1
More information about the pve-devel
mailing list