Merge pull request #130 from vt-middleware/passwd-gen-buffer-overflow
Passwd gen buffer overflow
serac authored Jul 20, 2021
2 parents 836c515 + d8a799c commit ac7fe10
Showing 4 changed files with 24 additions and 9 deletions.
9 changes: 5 additions & 4 deletions src/main/java/org/passay/CyrillicSequenceData.java
@@ -7,14 +7,15 @@
* @author Middleware Services
*/
public enum CyrillicSequenceData implements SequenceData {

/**
* Alphabetical sequence.
*/
Alphabetical(
"ILLEGAL_ALPHABETICAL_SEQUENCE",
new CharacterSequence[] {
new CharacterSequence("абвгдеёжзийклмнопрстуфхцчшщъыьэюяіѣѳѵ", "АБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯІѢѲѴ"),
});
"ILLEGAL_ALPHABETICAL_SEQUENCE",
new CharacterSequence[] {
new CharacterSequence("абвгдеёжзийклмнопрстуфхцчшщъыьэюяіѣѳѵ", "АБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯІѢѲѴ"),
});

/**
* Error code.
8 changes: 4 additions & 4 deletions src/main/java/org/passay/CzechSequenceData.java
@@ -12,10 +12,10 @@ public enum CzechSequenceData implements SequenceData {
* Alphabetical sequence.
*/
Alphabetical(
"ILLEGAL_ALPHABETICAL_SEQUENCE",
new CharacterSequence[] {
new CharacterSequence("aábcčdďeěéfghiíjklmnňoópqrřsštťuúůvwxyýzž", "AÁBCČDĎEĚÉFGHIÍJKLMNŇOÓPQRŘSŠTŤUÚŮVWXYÝZŽ"),
});
"ILLEGAL_ALPHABETICAL_SEQUENCE",
new CharacterSequence[] {
new CharacterSequence("aábcčdďeěéfghiíjklmnňoópqrřsštťuúůvwxyýzž", "AÁBCČDĎEĚÉFGHIÍJKLMNŇOÓPQRŘSŠTŤUÚŮVWXYÝZŽ"),
});

/**
* Error code.
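--- a/src/main/java/org/passay/PasswordGenerator.java
+++ b/src/main/java/org/passay/PasswordGenerator.java
@@ -74,7 +74,10 @@ public String generatePassword(final int length, final List<CharacterRule> rules
 final CharBuffer buffer = CharBuffer.allocate(length);
 if (rules != null) {
 for (CharacterRule rule : rules) {
-fillRandomCharacters(rule.getValidCharacters(), rule.getNumberOfCharacters(), buffer);
+fillRandomCharacters(
+rule.getValidCharacters(),
+length <= rule.getNumberOfCharacters() ? length : rule.getNumberOfCharacters(),
+buffer);
 allChars.append(rule.getValidCharacters());
 }
 }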
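Review bot: The new count argument clamps each rule against `length` on its own, so a list of rules whose counts add up to more than `length` can presumably still write past the capacity set by `CharBuffer.allocate(length)`; fillRandomCharacters is not visible here, so this is inferred. Bounding by the space that is left covers both the single-rule and the multi-rule case: `Math.min(buffer.remaining(), rule.getNumberOfCharacters())`. Clamping also means the returned password can silently fall short of a rule's minimum, which matters to callers that treat generated passwords as policy-compliant; a comment such as `// rule count is capped to the buffer; result may not satisfy the rule` or an IllegalArgumentException for rules that cannot fit would make that explicit. generatePassword starts and ends outside the hunk.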
11 changes: 11 additions & 0 deletions src/test/java/org/passay/PasswordGeneratorTest.java
@@ -89,4 +89,15 @@ public void testGenerator(final String pass)
AssertJUnit.assertFalse(failCharRule.validate(new PasswordData(pass)).isValid());
AssertJUnit.assertTrue(verifyCharRule.validate(new PasswordData(pass)).isValid());
}


/**
*/
@Test(groups = "passgentest")
public void testBufferOverflow()
{
new PasswordGenerator().generatePassword(5, new CharacterRule(EnglishCharacterData.LowerCase, 10));
new PasswordGenerator().generatePassword(10, new CharacterRule(EnglishCharacterData.LowerCase, 5));
new PasswordGenerator().generatePassword(10, new CharacterRule(EnglishCharacterData.LowerCase, 10));
}
}
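Review bot: testBufferOverflow makes no assertions, so it passes as long as no exception is thrown and would not notice a password of the wrong length. Checking the result pins the behaviour, for example `AssertJUnit.assertEquals(5, new PasswordGenerator().generatePassword(5, new CharacterRule(EnglishCharacterData.LowerCase, 10)).length());`. The three calls each pass a single rule; a case with several rules whose counts together exceed the length is not exercised. The empty `/** */` above the method could state what is being guarded, e.g. `/** Rule counts at or above the requested length must not overflow the buffer. */`.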
