From 6186077401d4b3d756d5f787ad94087d1cf0a98f Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 20 Aug 2015 10:12:27 +0200 Subject: [PATCH 161/325] pw(8): Increase minimal random password length to 32 It's not obvious to me why the length is randomized as well in the first place but whatever ... Obtained from: ElectroBSD --- usr.sbin/pw/pw_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index 2eec317b5e5b..552ce78a6665 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -514,13 +514,13 @@ static char * pw_password(struct userconf * cnf, char const * user, bool dryrun) { int i, l; - char pwbuf[32]; + char pwbuf[41]; switch (cnf->default_password) { case P_NONE: /* No password at all! */ return ""; case P_RANDOM: /* Random password */ - l = (arc4random() % 8 + 8); /* 8 - 16 chars */ + l = sizeof(pwbuf) - 1 - (arc4random() % 8); /* 32 - 40 chars */ for (i = 0; i < l; i++) pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; pwbuf[i] = '\0'; -- 2.32.0