SEC-754: Fixed wrong array length and added tests for encoding non-ascii password.

core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java

@@ -55,7 +55,7 @@ public class Md4PasswordEncoder extends BaseDigestPasswordEncoder {
 		}
 		
 		Md4 md4 = new Md4();
-		md4.update(passBytes, 0, saltedPass.length());
+		md4.update(passBytes, 0, passBytes.length);
 		
 		byte[] resBuf = md4.digest();
 

core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java

@@ -45,6 +45,12 @@ public class Md4PasswordEncoderTests extends TestCase {
 		String encodedPassword = md4.encodePassword("", null);
 		assertEquals("MdbP4NFq6TG3PFnX4MCJwA==", encodedPassword);
 	}
+	
+	public void testNonAsciiPasswordHasCorrectHash() {
+		Md4PasswordEncoder md4 = new Md4PasswordEncoder();
+		String encodedPassword = md4.encodePassword("你好", null);
+		assertEquals("a7f1196539fd1f85f754ffd185b16e6e", encodedPassword);		
+	}
 
 	public void testIsHexPasswordValid() {
 		Md4PasswordEncoder md4 = new Md4PasswordEncoder();

core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java

@@ -40,6 +40,12 @@ public class Md5PasswordEncoderTests extends TestCase {
         assertEquals("a68aafd90299d0b137de28fb4bb68573", encoded);
         assertEquals("MD5", pe.getAlgorithm());
     }
+    
+	public void testNonAsciiPasswordHasCorrectHash() {
+		Md5PasswordEncoder md5 = new Md5PasswordEncoder();
+		String encodedPassword = md5.encodePassword("你好", null);
+		assertEquals("7eca689f0d3389d9dea66ae112e5cfd7", encodedPassword);		
+	}    
 
     public void testBase64() throws Exception {
         Md5PasswordEncoder pe = new Md5PasswordEncoder();