ByteBuffer.array() must not be used as it does not take the real buffer size into account and returns the whole buffer up to its capacity. Fixes #745. (#746)

Co-authored-by: Yves Langisch <yla@iterate.ch>
2025-12-06 15:20:54 +03:00 · 2021-11-22 09:51:15 +01:00
parent 7c14098f7d
commit d8697c2228
2 changed files with 33 additions and 1 deletions
--- a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
+++ b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.userauth.password;

+import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
@@ -64,6 +65,9 @@ public class PasswordUtils {
     */
    public static byte[] toByteArray(char[] password) {
        CharBuffer charBuffer = CharBuffer.wrap(password);
-        return StandardCharsets.UTF_8.encode(charBuffer).array();
+        final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+        byte[] bytes = new byte[byteBuffer.remaining()];
+        byteBuffer.get(bytes, 0, bytes.length);
+        return bytes;
    }
 }
--- a/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java
+++ b/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java
@@ -209,6 +209,25 @@ public class PuTTYKeyFileTest {
            "oYhmT2+0DKBuBVCAM4qRdA==\n" +
            "Private-MAC: 40ccc8b9a7291ec64e5be0c99badbc8a012bf220\n";

+    final static String ppk1024_umlaut_passphrase = "PuTTY-User-Key-File-2: ssh-rsa\n" +
+            "Encryption: aes256-cbc\n" +
+            "Comment: user@host\n" +
+            "Public-Lines: 4\n" +
+            "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsQv60HaW0301hX/xV3AUcutbDDAJp7KWc\n" +
+            "6swL+H6jhwe3N7FK/SA4492bK5oHwU3ea3X6moLuapTMawMQbRy1kfQm99wcYc7C\n" +
+            "6PJO3uouzjDatc/aByDejbo5OL9kK4Vy7qm6tw1hC0JIM+TCvItKu+t6Myl7xzv4\n" +
+            "KbSHiMzulQ==\n" +
+            "Private-Lines: 8\n" +
+            "hPS6HYs4t8WChglZzo5G/B0ohnw2DQS19HMPllyVr9XfDyT2Xk8ZSTye84r5CtMP\n" +
+            "xF4Qc0nkoStyw9p9Tm762FhkM0iGghLWeCdTyqXVlAA9l3sr0BMJ9AoMvjQBqqns\n" +
+            "gjfPvmtNPFn8sfApHVOv1qSLSGOMZFm/q6KtGuR+IyTnMuZ71b/cQYYHbsAQxt09\n" +
+            "96I7jDhup/4uoi/tcPYhe998wRFSSldkAtcmYGUnDWCiivlP+gZsXvOI2zs2gCxx\n" +
+            "ECEwZNTR/j3G0muRUMf91iZSMBije+41j345F+ZHJ43gYXW6lxjFtI5jr9LRGWF1\n" +
+            "hTeY6IlLt4EBBGNrO8Rn0oGVuQdFQAZaredlt1V5FsgcSaMgg3rlScoz0IHHD66Q\n" +
+            "Hglp/IYN6Sx6OEGjh3oLGImag+Mz9/9WWGXPLhZ4MUpFAWqcTD4qPK0jYxTCM6QC\n" +
+            "TybFqMeCSEKiHSOiOGf2oQ==\n" +
+            "Private-MAC: 6aec23b6267edcb87b05ddef52a80894e3a246c4";
+
    final static String ppkdsa_passphrase = "PuTTY-User-Key-File-2: ssh-dss\n" +
            "Encryption: aes256-cbc\n" +
            "Comment: dsa-key-20140507\n" +
@@ -502,6 +521,15 @@ public class PuTTYKeyFileTest {
        assertNotNull(key.getPublic());
    }

+    @Test
+    public void testCorrectPassphraseUmlautRsa() throws Exception {
+        PuTTYKeyFile key = new PuTTYKeyFile();
+        key.init(new StringReader(ppk1024_umlaut_passphrase), new UnitTestPasswordFinder("äöü"));
+        // Install JCE Unlimited Strength Jurisdiction Policy Files if we get java.security.InvalidKeyException: Illegal key size
+        assertNotNull(key.getPrivate());
+        assertNotNull(key.getPublic());
+    }
+
    @Test(expected = IOException.class)
    public void testWrongPassphraseRsa() throws Exception {
        PuTTYKeyFile key = new PuTTYKeyFile();