ByteBuffer.array() must not be used as it does not take the real buff…

…er size into account and returns the whole buffer up to its capacity.
hierynomus · Nov 22, 2021 · c87f3bc · c87f3bc
1 parent 7c14098
commit c87f3bc
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
@@ -15,6 +15,7 @@
  */
 package net.schmizz.sshj.userauth.password;
 
+import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
@@ -64,6 +65,9 @@ public boolean shouldRetry(Resource<?> resource) {
      */
     public static byte[] toByteArray(char[] password) {
         CharBuffer charBuffer = CharBuffer.wrap(password);
-        return StandardCharsets.UTF_8.encode(charBuffer).array();
+        final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+        byte[] bytes = new byte[byteBuffer.remaining()];
+        byteBuffer.get(bytes, 0, bytes.length);
+        return bytes;
     }
 }
diff --git a/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java b/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java
@@ -209,6 +209,25 @@ public class PuTTYKeyFileTest {
             "oYhmT2+0DKBuBVCAM4qRdA==\n" +
             "Private-MAC: 40ccc8b9a7291ec64e5be0c99badbc8a012bf220\n";
 
+    final static String ppk1024_umlaut_passphrase = "PuTTY-User-Key-File-2: ssh-rsa\n" +
+            "Encryption: aes256-cbc\n" +
+            "Comment: user@host\n" +
+            "Public-Lines: 4\n" +
+            "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsQv60HaW0301hX/xV3AUcutbDDAJp7KWc\n" +
+            "6swL+H6jhwe3N7FK/SA4492bK5oHwU3ea3X6moLuapTMawMQbRy1kfQm99wcYc7C\n" +
+            "6PJO3uouzjDatc/aByDejbo5OL9kK4Vy7qm6tw1hC0JIM+TCvItKu+t6Myl7xzv4\n" +
+            "KbSHiMzulQ==\n" +
+            "Private-Lines: 8\n" +
+            "hPS6HYs4t8WChglZzo5G/B0ohnw2DQS19HMPllyVr9XfDyT2Xk8ZSTye84r5CtMP\n" +
+            "xF4Qc0nkoStyw9p9Tm762FhkM0iGghLWeCdTyqXVlAA9l3sr0BMJ9AoMvjQBqqns\n" +
+            "gjfPvmtNPFn8sfApHVOv1qSLSGOMZFm/q6KtGuR+IyTnMuZ71b/cQYYHbsAQxt09\n" +
+            "96I7jDhup/4uoi/tcPYhe998wRFSSldkAtcmYGUnDWCiivlP+gZsXvOI2zs2gCxx\n" +
+            "ECEwZNTR/j3G0muRUMf91iZSMBije+41j345F+ZHJ43gYXW6lxjFtI5jr9LRGWF1\n" +
+            "hTeY6IlLt4EBBGNrO8Rn0oGVuQdFQAZaredlt1V5FsgcSaMgg3rlScoz0IHHD66Q\n" +
+            "Hglp/IYN6Sx6OEGjh3oLGImag+Mz9/9WWGXPLhZ4MUpFAWqcTD4qPK0jYxTCM6QC\n" +
+            "TybFqMeCSEKiHSOiOGf2oQ==\n" +
+            "Private-MAC: 6aec23b6267edcb87b05ddef52a80894e3a246c4";
+
     final static String ppkdsa_passphrase = "PuTTY-User-Key-File-2: ssh-dss\n" +
             "Encryption: aes256-cbc\n" +
             "Comment: dsa-key-20140507\n" +
@@ -502,6 +521,15 @@ public void testCorrectPassphraseRsa() throws Exception {
         assertNotNull(key.getPublic());
     }
 
+    @Test
+    public void testCorrectPassphraseUmlautRsa() throws Exception {
+        PuTTYKeyFile key = new PuTTYKeyFile();
+        key.init(new StringReader(ppk1024_umlaut_passphrase), new UnitTestPasswordFinder("äöü"));
+        // Install JCE Unlimited Strength Jurisdiction Policy Files if we get java.security.InvalidKeyException: Illegal key size
+        assertNotNull(key.getPrivate());
+        assertNotNull(key.getPublic());
+    }
+
     @Test(expected = IOException.class)
     public void testWrongPassphraseRsa() throws Exception {
         PuTTYKeyFile key = new PuTTYKeyFile();