From d7a858de3449ae3aecf60e7d074d3adb0142308d Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 28 Dec 2023 13:31:29 +0100
Subject: [PATCH] Auth/vouchers - fix integer validation, closes https://github.com/opnsense/core/issues/7105
---
 src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
index 750ece77a..68f6bae4d 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
@@ -204,11 +204,11 @@ class Voucher extends Base implements IAuthConnector
 $expirytime = $expirytime == 0 ? 0 : $expirytime + time();
 while ($vouchersGenerated < $count) {
 $generatedUsername = '';
- for ($j = 0; $j < $this->usernameLength; $j++) {
+ for ($j = 0; $j < max($this->usernameLength, 1); $j++) {
 $generatedUsername .= $characterMap[random_int(0, strlen($characterMap) - 1)];
 }
 $generatedPassword = '';
- for ($j = 0; $j < $this->passwordLength; $j++) {
+ for ($j = 0; $j < max($this->passwordLength, 1); $j++) {
 $generatedPassword .= $characterMap[random_int(0, strlen($characterMap) - 1)];
 }
@@ -423,7 +423,7 @@ class Voucher extends Base implements IAuthConnector
 $fields["usernameLength"]["default"] = null;
 $fields["usernameLength"]["help"] = gettext("Specify alternative username length for generating vouchers");
 $fields["usernameLength"]["validate"] = function ($value) {
- if (!empty($value) && filter_var($value, FILTER_SANITIZE_NUMBER_INT) != $value) {
+ if ($value != '' && (filter_var($value, FILTER_SANITIZE_NUMBER_INT) != $value || $value < 1)) {
 return array(gettext("Username length must be a number or empty for default."));
 } else {
 return array();
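Review bot: In the voucher generation hunk (@@ -204), clamping with `max(..., 1)` means a stored length of 0 or a negative number now silently yields one-character usernames and passwords, which can be guessed in at most as many attempts as `$characterMap` has characters. The removed validator used `!empty($value)`, so a value of "0" passed it and may still be present in saved configurations. Consider falling back to the connector's default length instead of 1, and computing the bound once before the `while` loop with an integer cast rather than calling `max()` on every iteration, e.g. `$passwordLength = (int)$this->passwordLength > 0 ? (int)$this->passwordLength : DEFAULT_LENGTH_PLACEHOLDER;`. The enclosing method starts and ends outside this hunk, so how the two properties are populated is not visible here.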
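Review bot: In the `usernameLength` validator (@@ -423), `FILTER_SANITIZE_NUMBER_INT` is a sanitizer that keeps digits and `+`/`-` signs, so comparing its output to the input with `!=` does not prove the value is an integer; an input such as `1-2` comes back unchanged, and the following `$value < 1` then compares a non-numeric string with an integer. Validating directly is stricter and shorter: `if ($value != '' && filter_var($value, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1))) === false) {`. The same applies to the `passwordLength` validator in the @@ -435 hunk. Adding a `max_range` would also bound how much work a single voucher generation request can trigger. The closure body continues past the end of the hunk.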
@@ -435,7 +435,7 @@ class Voucher extends Base implements IAuthConnector
 $fields["passwordLength"]["default"] = null;
 $fields["passwordLength"]["help"] = gettext("Specify alternative password length for generating vouchers");
 $fields["passwordLength"]["validate"] = function ($value) {
- if (!empty($value) && filter_var($value, FILTER_SANITIZE_NUMBER_INT) != $value) {
+ if ($value != '' && (filter_var($value, FILTER_SANITIZE_NUMBER_INT) != $value || $value < 1)) {
 return array(gettext("Password length must be a number or empty for default."));
 } else {
 return array();
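Review bot: The `passwordLength` validator accepts any value from 1 upward, and a floor of 1 is very low for a generated credential; a higher minimum on this field would stop an administrator from configuring vouchers whose password can be found by simple enumeration. The message on the rejected branch also no longer matches the rule, since 0 and negative numbers are now refused too; `Password length must be a positive number or empty for default.` would tell the administrator what to correct, and the username message in the @@ -423 hunk has the same mismatch. The closure continues past the end of the hunk.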