Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Fix Version/s: 3.0.6, 2.7.17, 3.1.2
Description
The inflate method of DeflateEncoderDecoder (2.7.x) and CompressionUtils (3.x) assumes that the compression ratio will be 2:1. That assumption does not hold for SAML tokens with many similar attribute statements, which compress far better than 2:1. The inflated token is then corrupted: a portion of the token is replaced with null characters.
https://github.com/apache/cxf/blob/cxf-2.7.17/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java#L34
https://github.com/apache/cxf/blob/cxf-3.0.6/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41
https://github.com/apache/cxf/blob/cxf-3.1.2/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41
import java.io.ByteArrayInputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;

import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.junit.Test;

import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;

@Test
public void testInflateDeflateWithTokenDuplication() throws Exception {
    // Highly repetitive input compresses far better than 2:1
    String token = "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant";
    DeflateEncoderDecoder deflateEncoderDecoder = new DeflateEncoderDecoder();
    byte[] deflatedToken = deflateEncoderDecoder.deflateToken(token.getBytes());

    // CXF's inflate path
    String cxfInflatedToken = IOUtils.toString(deflateEncoderDecoder.inflateToken(deflatedToken));

    // Reference: plain JDK InflaterInputStream over the same raw DEFLATE bytes
    String streamInflatedToken = IOUtils.toString(
            new InflaterInputStream(new ByteArrayInputStream(deflatedToken), new Inflater(true)));

    assertThat(streamInflatedToken, is(token));
    assertThat(cxfInflatedToken, is(token));
}
The stream inflated token is correct but the CXF inflated token is invalid.
java.lang.AssertionError: Expected: is "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant" got: "t valid_grant valid_grant valid_grant"
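To show why a fixed 2:1 buffer cannot work, the following added example (not CXF code) deflates the same repetitive token, prints the actual ratio against the bytes a 2x buffer would hold, and inflates it with a loop that runs until the stream is finished; the `maxBytes` cap is a hypothetical guard against unbounded expansion of untrusted tokens, not part of the report.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

public class InflateRatioDemo {
    /** Raw DEFLATE (nowrap=true), the same framing the test above inflates. */
    static byte[] deflate(byte[] plain) {
        Deflater def = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        def.setInput(plain);
        def.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[512];
        while (!def.finished()) {
            out.write(buf, 0, def.deflate(buf));
        }
        def.end();
        return out.toByteArray();
    }

    /** Inflate with no ratio assumption: append chunks until finished(); cap total size. */
    static byte[] inflate(byte[] deflated, int maxBytes) throws DataFormatException {
        Inflater inf = new Inflater(true);
        inf.setInput(deflated);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[512];
        try {
            while (!inf.finished()) {
                int n = inf.inflate(buf);
                if (n == 0 && (inf.needsInput() || inf.needsDictionary())) {
                    throw new DataFormatException("truncated or dictionary-dependent stream");
                }
                if (out.size() + n > maxBytes) {
                    throw new DataFormatException("inflated size exceeds " + maxBytes + " bytes");
                }
                out.write(buf, 0, n);
            }
        } finally {
            inf.end();
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the repetitive token from the report's test
        String token = "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant";
        byte[] plain = token.getBytes(StandardCharsets.UTF_8);
        byte[] deflated = deflate(plain);
        System.out.printf("plain=%d bytes, deflated=%d bytes, ratio=%.1f:1%n",
                plain.length, deflated.length, (double) plain.length / deflated.length);
        System.out.println("a 2x buffer holds " + 2 * deflated.length + " of " + plain.length + " bytes");
        String round = new String(inflate(deflated, 1 << 20), StandardCharsets.UTF_8);
        System.out.println(token.equals(round) ? "round trip OK" : "round trip FAILED");
    }
}
```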