Fix: Improved security for random character generator (#814)

Fixes random chars function to truly generate unpredictable character sequences and to replace `Get-Random` which is not entirely secure
Lord Hepipud 2025-06-16 14:14:05 +02:00 committed by GitHub
parent 440a04659c
commit 854ef78f91
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 23 additions and 5 deletions


@ -15,6 +15,9 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
[Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/42)
### Bugfixes
* [#814](https://github.com/Icinga/icinga-powershell-framework/pull/814) Fixes random chars function to truly generate unpredictable character sequences and to replace `Get-Random` which is not entirely secure
* [#815](https://github.com/Icinga/icinga-powershell-framework/pull/815) Fixes a possible crash for `Test-IcingaAddTypeExist`, causing the Icinga for Windows installation to fail when third party components are checked which are malfunctioning
## 1.13.3 (2025-05-08)


@ -11,13 +11,28 @@ function Get-IcingaRandomChars()
return $RandomChars;
}
while ($Count -gt 0) {
[int]$SymbolLength = $Symbols.Length;
$CryptoProvider = New-Object System.Security.Cryptography.RNGCryptoServiceProvider;
$ByteValue = New-Object Byte[] 4;
$maxValid = [uint32]::MaxValue - ([uint32]::MaxValue % $SymbolLength);
[int]$SymbolLength = $Symbols.Length;
$RandomValue = Get-Random -Minimum 0 -Maximum ($SymbolLength - 1);
$RandomChars += $Symbols[$RandomValue];
$Count -= 1;
for ($index = 0; $index -lt $Count; $index++) {
do {
# Generate random bytes
$CryptoProvider.GetBytes($ByteValue);
$RandomNumber = [BitConverter]::ToUInt32($ByteValue, 0);
# Ensure the random number is within the valid range to avoid maximum security
} while ($RandomNumber -ge $maxValid);
# Calculate the index for the symbol array
$randomIndex = $RandomNumber % $SymbolLength;
$RandomChars += $Symbols[$randomIndex];
}
# Clean up
$CryptoProvider.Dispose();
$CryptoProvider = $null;
$ByteValue = $null;
return $RandomChars;
}
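Review bot: The comment inside the `do` loop, "to avoid maximum security", says the opposite of what the loop is for; rejecting values at or above `$maxValid` is what keeps the later `% $SymbolLength` from favouring some symbols, so I would write `# Reject values at or above $maxValid so the modulo below stays unbiased (no modulo bias)`. Both `$maxValid` and `$randomIndex` compute `% $SymbolLength`, which throws a divide-by-zero error if `$Symbols` is empty. The function starts outside this section, so an earlier check may already exist, but if not, an explicit `if ($SymbolLength -le 0) { throw 'No symbols available to generate random chars'; }` before the provider is created fails more clearly than the arithmetic error. `$CryptoProvider.Dispose()` is also skipped when anything in the loop throws; wrapping the loop in `try { ... } finally { $CryptoProvider.Dispose(); }` makes the cleanup unconditional.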