From 668da40ff16d14100f5a9c2e62e37b0029af1f24 Mon Sep 17 00:00:00 2001
From: kangxy <62419635+kangxy@users.noreply.github.com>
Date: Mon, 29 Jul 2024 17:50:40 +0800
Subject: [PATCH] Update Sha2Crypt.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The old regular expression is incorrect. If you want to match [a-zA-Z0-9./] and limit the length to 16, I think it should be the following expression: "^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16})$")
---
 src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java b/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java
index e20a3a2ce7..84a696736a 100644
--- a/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java
+++ b/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java
@@ -69,7 +69,7 @@ public class Sha2Crypt {
 /** The pattern to match valid salt values. */
 private static final Pattern SALT_PATTERN = Pattern
- .compile("^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16}).*");
+ .compile("^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16})$");
 /**
 * Generates a libc crypt() compatible "$5$" hash value with random salt.
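Review bot: The new `$` anchor on the `+` line of SALT_PATTERN also rejects a complete crypt string such as `$6$salt$hash` passed as the salt argument, which the old trailing `.*` accepted and which is the usual crypt(3) way to check a password against a stored hash. If callers outside this hunk rely on that, verification would start failing for every stored hash, not only for malformed salts. Keeping the stricter salt alphabet while still allowing a hash suffix could look like `.compile("^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16})(\\$.*)?$");`, which leaves groups 1 to 4 unchanged, backed by a test for both a bare salt and a full hash string. Salts longer than 16 characters were previously cut to the first 16 by the match and are now rejected, so the field's Javadoc should say so.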