search

vt-middleware / passay

Password policy enforcement for Java.
http://www.passay.org
Other
275 stars 63 forks source link

BufferOverflowException in PasswordGenerator when given rules enforce a longer password than the requests length #129

Closed tombueng closed 3 years ago

tombueng commented 3 years ago

When the given rules need more chars than requested a BufferOverflowException occurs.

new PasswordGenerator().generatePassword(5,new CharacterRule(EnglishCharacterData.LowerCase,10));

java.nio.BufferOverflowException
    at java.base/java.nio.Buffer.nextPutIndex(Buffer.java:714)
    at java.base/java.nio.HeapCharBuffer.put(HeapCharBuffer.java:212)
    at java.base/java.nio.CharBuffer.append(CharBuffer.java:1800)
    at java.base/java.nio.CharBuffer.append(CharBuffer.java:266)
    at org.passay.PasswordGenerator.fillRandomCharacters(PasswordGenerator.java:100)
    at org.passay.PasswordGenerator.generatePassword(PasswordGenerator.java:77)
    at org.passay.PasswordGenerator.generatePassword(PasswordGenerator.java:53)

I think the expected result should be a password that fits the given rules even if it will be longer than requested.

dfish3r commented 3 years ago

Fixed in #130