From b903dbff181920015fbfc71c28a073b399489f18 Mon Sep 17 00:00:00 2001 From: David Kocher Date: Mon, 22 Nov 2021 09:51:15 +0100 Subject: [PATCH] ByteBuffer.array() must not be used as it does not take the real buffer size into account and returns the whole buffer up to its capacity. Fixes #745. (#746) Co-authored-by: Yves Langisch (cherry picked from commit d8697c2228c1e6eb0320332e18b10e673d2f0aaa) --- .../sshj/userauth/password/PasswordUtils.java | 6 +++- .../sshj/keyprovider/PuTTYKeyFileTest.java | 28 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java index 831b7d84..c60469e4 100644 --- a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java +++ b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java @@ -15,6 +15,7 @@ */ package net.schmizz.sshj.userauth.password; +import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.StandardCharsets; import java.util.Arrays; @@ -64,6 +65,9 @@ public boolean shouldRetry(Resource resource) { */ public static byte[] toByteArray(char[] password) { CharBuffer charBuffer = CharBuffer.wrap(password); - return StandardCharsets.UTF_8.encode(charBuffer).array(); + final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer); + byte[] bytes = new byte[byteBuffer.remaining()]; + byteBuffer.get(bytes, 0, bytes.length); + return bytes; } } diff --git a/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java b/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java index 7be15baf..a80ce653 100644 --- a/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java +++ b/src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java @@ -209,6 +209,25 @@ public class PuTTYKeyFileTest { "oYhmT2+0DKBuBVCAM4qRdA==\n" + "Private-MAC: 40ccc8b9a7291ec64e5be0c99badbc8a012bf220\n"; + final static String ppk1024_umlaut_passphrase = "PuTTY-User-Key-File-2: ssh-rsa\n" + + "Encryption: aes256-cbc\n" + + "Comment: user@host\n" + + "Public-Lines: 4\n" + + "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsQv60HaW0301hX/xV3AUcutbDDAJp7KWc\n" + + "6swL+H6jhwe3N7FK/SA4492bK5oHwU3ea3X6moLuapTMawMQbRy1kfQm99wcYc7C\n" + + "6PJO3uouzjDatc/aByDejbo5OL9kK4Vy7qm6tw1hC0JIM+TCvItKu+t6Myl7xzv4\n" + + "KbSHiMzulQ==\n" + + "Private-Lines: 8\n" + + "hPS6HYs4t8WChglZzo5G/B0ohnw2DQS19HMPllyVr9XfDyT2Xk8ZSTye84r5CtMP\n" + + "xF4Qc0nkoStyw9p9Tm762FhkM0iGghLWeCdTyqXVlAA9l3sr0BMJ9AoMvjQBqqns\n" + + "gjfPvmtNPFn8sfApHVOv1qSLSGOMZFm/q6KtGuR+IyTnMuZ71b/cQYYHbsAQxt09\n" + + "96I7jDhup/4uoi/tcPYhe998wRFSSldkAtcmYGUnDWCiivlP+gZsXvOI2zs2gCxx\n" + + "ECEwZNTR/j3G0muRUMf91iZSMBije+41j345F+ZHJ43gYXW6lxjFtI5jr9LRGWF1\n" + + "hTeY6IlLt4EBBGNrO8Rn0oGVuQdFQAZaredlt1V5FsgcSaMgg3rlScoz0IHHD66Q\n" + + "Hglp/IYN6Sx6OEGjh3oLGImag+Mz9/9WWGXPLhZ4MUpFAWqcTD4qPK0jYxTCM6QC\n" + + "TybFqMeCSEKiHSOiOGf2oQ==\n" + + "Private-MAC: 6aec23b6267edcb87b05ddef52a80894e3a246c4"; + final static String ppkdsa_passphrase = "PuTTY-User-Key-File-2: ssh-dss\n" + "Encryption: aes256-cbc\n" + "Comment: dsa-key-20140507\n" + @@ -502,6 +521,15 @@ public void testCorrectPassphraseRsa() throws Exception { assertNotNull(key.getPublic()); } + @Test + public void testCorrectPassphraseUmlautRsa() throws Exception { + PuTTYKeyFile key = new PuTTYKeyFile(); + key.init(new StringReader(ppk1024_umlaut_passphrase), new UnitTestPasswordFinder("äöü")); + // Install JCE Unlimited Strength Jurisdiction Policy Files if we get java.security.InvalidKeyException: Illegal key size + assertNotNull(key.getPrivate()); + assertNotNull(key.getPublic()); + } + @Test(expected = IOException.class) public void testWrongPassphraseRsa() throws Exception { PuTTYKeyFile key = new PuTTYKeyFile();