Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6579

Inflated tokens can be corrupted if compression ratio is greater than 2:1

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.6, 2.7.17, 3.1.2
    • Fix Version/s: 3.1.3, 2.7.18, 3.0.7
    • Component/s: Core, JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      DeflateEncoderDecoder/CompressionUtils inflate method assumes that the compression ratio will be 2:1. That assumption is not true for SAML tokens with many similar attribute statements. The inflated token will be corrupted with a portion of the token replaced with null characters.

      https://github.com/apache/cxf/blob/cxf-2.7.17/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java#L34
      https://github.com/apache/cxf/blob/cxf-3.0.6/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41
      https://github.com/apache/cxf/blob/cxf-3.1.2/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41

          @Test
          public void testInflateDeflateWithTokenDuplication() throws Exception {
              String token = "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant";
      
              DeflateEncoderDecoder deflateEncoderDecoder = new DeflateEncoderDecoder();
              byte[] deflatedToken = deflateEncoderDecoder.deflateToken(token.getBytes());
      
              String cxfInflatedToken = IOUtils
                      .toString(deflateEncoderDecoder.inflateToken(deflatedToken));
      
              String streamInflatedToken = IOUtils.toString(
                      new InflaterInputStream(new ByteArrayInputStream(deflatedToken),
                              new Inflater(true)));
      
              assertThat(streamInflatedToken, is(token));
              assertThat(cxfInflatedToken, is(token));
          }
      

      The stream inflated token is correct but the CXF inflated token is invalid.

      java.lang.AssertionError: 
      Expected: is "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant"
           got: "t valid_grant valid_grant valid_grant"
      

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              pklinef Phillip Klinefelter
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: