[pve-devel] applied: [PATCH qemu-server] fix #2457: ga: set-user-password: increase maxLength of password

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Nov 11 16:31:32 CET 2019


On 11/11/19 4:18 PM, Dominik Csapak wrote:
> sha-512 crypted passwords are longer than 64 bytes, and also
> it does not make sense to limit passwords to such a short length.
> increase to 1024 (should be enough for a while and limits
> possible attack surface for the api/guest-agent)
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Qemu/Agent.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/PVE/API2/Qemu/Agent.pm b/PVE/API2/Qemu/Agent.pm
> index 839146c..51fb0d8 100644
> --- a/PVE/API2/Qemu/Agent.pm
> +++ b/PVE/API2/Qemu/Agent.pm
> @@ -227,7 +227,7 @@ __PACKAGE__->register_method({
>  		type => 'string',
>  		description => 'The new password.',
>  		minLength => 5,
> -		maxLength => 64,
> +		maxLength => 1024,
>  	    },
>  	    crypted => {
>  		type => 'boolean',
> 
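Review bot: the `description` on this property still reads only 'The new password.', so the schema gives an API user no hint why 1024 characters are accepted. Because the property sits directly before the `crypted` boolean, the description should say that the value may be an already crypted hash when `crypted` is set, which is the case the commit message gives for exceeding 64 bytes. The same `minLength => 5` and `maxLength => 1024` bounds now cover both the plaintext and the crypted form; if those two should be limited differently, that check is missing here and would need to be done where `crypted` is evaluated.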

applied, but rewrote commit message a bit, to not make this sound as
if it was a password our API or the agent itself used :)



