Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 3.0.6, 2.7.17, 3.1.2
- Component/s: Core, JAX-RS Security
- Labels: None
- Estimated Complexity: Unknown
Description
The inflate method in DeflateEncoderDecoder/CompressionUtils assumes that the compression ratio will be 2:1. That assumption does not hold for SAML tokens with many similar attribute statements, which compress far better than that. The inflated token is then corrupted, with a portion of the token replaced by null characters.
https://github.com/apache/cxf/blob/cxf-2.7.17/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java#L34
https://github.com/apache/cxf/blob/cxf-3.0.6/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41
https://github.com/apache/cxf/blob/cxf-3.1.2/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java#L41
```java
// Imports assumed from the snippet's usage (JUnit 4, Hamcrest, CXF's own IOUtils)
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import java.io.ByteArrayInputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.junit.Test;

@Test
public void testInflateDeflateWithTokenDuplication() throws Exception {
    // Highly repetitive input: deflates to well under half its size
    String token = "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant";
    DeflateEncoderDecoder deflateEncoderDecoder = new DeflateEncoderDecoder();
    byte[] deflatedToken = deflateEncoderDecoder.deflateToken(token.getBytes());
    // Inflate with the CXF helper under test
    String cxfInflatedToken = IOUtils
        .toString(deflateEncoderDecoder.inflateToken(deflatedToken));
    // Reference: inflate the same bytes with a plain raw-deflate (nowrap) stream
    String streamInflatedToken = IOUtils.toString(
        new InflaterInputStream(new ByteArrayInputStream(deflatedToken),
            new Inflater(true)));
    assertThat(streamInflatedToken, is(token));
    assertThat(cxfInflatedToken, is(token));
}
```
The stream-inflated token is correct, but the CXF-inflated token is invalid:
java.lang.AssertionError: Expected: is "valid_grant valid_grant valid_grant valid_grant valid_grant valid_grant" got: "t valid_grant valid_grant valid_grant"
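To show why a 2:1 sizing assumption fails on repetitive tokens, here is an added model in Python (not CXF code) using zlib raw DEFLATE, which is the same format Java's Deflater/Inflater produce with nowrap=true: one inflate capped at twice the input size, the way the report describes, beside one that loops until zlib signals end-of-stream and checks that flag. The token value and the chunk and size limits are constructed for the demonstration.

```python
import zlib

# Constructed sample input: the same repetitive token the report's test uses.
TOKEN = b"valid_grant " * 5 + b"valid_grant"


def raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE without zlib header/trailer (wbits=-15), the format
    java.util.zip.Deflater emits when constructed with nowrap=true."""
    c = zlib.compressobj(wbits=-15)
    return c.compress(data) + c.flush()


def inflate_fixed_ratio(deflated: bytes, ratio: int = 2):
    """Model of the reported flaw: inflate into an output buffer sized
    ratio * len(deflated) and stop there. Returns (output, stream_finished);
    stream_finished is False when the buffer filled before end-of-stream,
    which is the condition a caller must check rather than assume away."""
    d = zlib.decompressobj(wbits=-15)
    out = d.decompress(deflated, ratio * len(deflated))
    return out, d.eof


def inflate_streaming(deflated: bytes, chunk: int = 64, max_out: int = 1 << 20) -> bytes:
    """Inflate in fixed-size chunks until zlib signals end-of-stream, so the
    result does not depend on the compression ratio. max_out bounds the total
    output so a highly compressible (or hostile) stream cannot exhaust memory."""
    d = zlib.decompressobj(wbits=-15)
    out = bytearray()
    data = deflated
    while not d.eof:
        piece = d.decompress(data, chunk)  # at most `chunk` bytes per call
        out += piece
        if len(out) > max_out:
            raise ValueError("inflated size exceeds limit")
        data = d.unconsumed_tail  # input zlib has not processed yet
        if not piece and not data:
            raise ValueError("truncated deflate stream: no end-of-stream marker")
    return bytes(out)


if __name__ == "__main__":
    deflated = raw_deflate(TOKEN)
    print(f"token {len(TOKEN)} bytes -> deflated {len(deflated)} bytes "
          f"(ratio {len(TOKEN) / len(deflated):.1f}:1)")
    fixed, finished = inflate_fixed_ratio(deflated)
    print(f"fixed 2:1 buffer: {fixed!r} finished={finished}")
    print(f"streaming:        {inflate_streaming(deflated)!r}")
```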