From 6612d0f72931aa6a3feb90df8b2eabd502b47fcd Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Mon, 7 Apr 2008 14:13:40 +0000
Subject: [PATCH] SEC-754: Fixed wrong array length and added tests for
 encoding non-ascii password.

---
 .../security/providers/encoding/Md4PasswordEncoder.java     | 2 +-
 .../providers/encoding/Md4PasswordEncoderTests.java         | 6 ++++++
 .../providers/encoding/Md5PasswordEncoderTests.java         | 6 ++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java b/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java
index 788f1d6029..730e7b9540 100644
--- a/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java
+++ b/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java
@@ -55,7 +55,7 @@ public class Md4PasswordEncoder extends BaseDigestPasswordEncoder {
 		}
 		
 		Md4 md4 = new Md4();
-		md4.update(passBytes, 0, saltedPass.length());
+		md4.update(passBytes, 0, passBytes.length);
 		
 		byte[] resBuf = md4.digest();
 
diff --git a/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java b/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java
index 359c82fb7a..f95be64130 100644
--- a/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java
+++ b/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java
@@ -45,6 +45,12 @@ public class Md4PasswordEncoderTests extends TestCase {
 		String encodedPassword = md4.encodePassword("", null);
 		assertEquals("MdbP4NFq6TG3PFnX4MCJwA==", encodedPassword);
 	}
+	
+	public void testNonAsciiPasswordHasCorrectHash() {
+		Md4PasswordEncoder md4 = new Md4PasswordEncoder();
+		String encodedPassword = md4.encodePassword("你好", null);
+		assertEquals("a7f1196539fd1f85f754ffd185b16e6e", encodedPassword);		
+	}
 
 	public void testIsHexPasswordValid() {
 		Md4PasswordEncoder md4 = new Md4PasswordEncoder();
diff --git a/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java b/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java
index e1ab646631..3b92c8063b 100644
--- a/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java
+++ b/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java
@@ -40,6 +40,12 @@ public class Md5PasswordEncoderTests extends TestCase {
         assertEquals("a68aafd90299d0b137de28fb4bb68573", encoded);
         assertEquals("MD5", pe.getAlgorithm());
     }
+    
+	public void testNonAsciiPasswordHasCorrectHash() {
+		Md5PasswordEncoder md5 = new Md5PasswordEncoder();
+		String encodedPassword = md5.encodePassword("你好", null);
+		assertEquals("7eca689f0d3389d9dea66ae112e5cfd7", encodedPassword);		
+	}    
 
     public void testBase64() throws Exception {
         Md5PasswordEncoder pe = new Md5PasswordEncoder();