ByteBuffer.array() must not be used as it does not take the real buffer size into account and returns the whole buffer up to its capacity. Fixes #745. (#746)

Co-authored-by: Yves Langisch <yla@iterate.ch>
2025-12-08 08:10:55 +03:00 · 2021-11-22 09:51:15 +01:00
parent 7c14098f7d
commit d8697c2228
2 changed files with 33 additions and 1 deletions
--- a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
+++ b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.userauth.password;

+import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
@@ -64,6 +65,9 @@ public class PasswordUtils {
     */
    public static byte[] toByteArray(char[] password) {
        CharBuffer charBuffer = CharBuffer.wrap(password);
-        return StandardCharsets.UTF_8.encode(charBuffer).array();
+        final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+        byte[] bytes = new byte[byteBuffer.remaining()];
+        byteBuffer.get(bytes, 0, bytes.length);
+        return bytes;
    }
 }