Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic on crypto/cipher: input not full blocks #193

Open
fformica opened this issue Jun 4, 2024 · 0 comments · May be fixed by #195
Open

panic on crypto/cipher: input not full blocks #193

fformica opened this issue Jun 4, 2024 · 0 comments · May be fixed by #195

Comments

@fformica
Copy link

fformica commented Jun 4, 2024

Hi, we tried switching a python implementation of our SAML client with this go library, and one of our users managed to trigger a panic:

runtime.gopanic
	/usr/local/go/src/runtime/panic.go:770
crypto/cipher.(*cbcDecrypter).CryptBlocks
	/usr/local/go/src/crypto/cipher/cbc.go:145
github.com/russellhaering/gosaml2/types.(*EncryptedAssertion).DecryptBytes
	/gomod-cache/github.com/russellhaering/gosaml2@v0.9.1/types/encrypted_assertion.go:68
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).decryptAssertions.func1
	/gomod-cache/github.com/russellhaering/gosaml2@v0.9.1/decode_response.go:176
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterateCtx.func1
	/gomod-cache/github.com/russellhaering/goxmldsig@v1.4.0/etreeutils/namespace.go:299
github.com/russellhaering/goxmldsig/etreeutils.NSTraverse
	/gomod-cache/github.com/russellhaering/goxmldsig@v1.4.0/etreeutils/namespace.go:167
github.com/russellhaering/goxmldsig/etreeutils.NSTraverse
	/gomod-cache/github.com/russellhaering/goxmldsig@v1.4.0/etreeutils/namespace.go:174
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterateCtx
	/gomod-cache/github.com/russellhaering/goxmldsig@v1.4.0/etreeutils/namespace.go:286
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterate
	/gomod-cache/github.com/russellhaering/goxmldsig@v1.4.0/etreeutils/namespace.go:275
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).decryptAssertions
	/gomod-cache/github.com/russellhaering/gosaml2@v0.9.1/decode_response.go:196
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).ValidateEncodedResponse
	/gomod-cache/github.com/russellhaering/gosaml2@v0.9.1/decode_response.go:287
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).RetrieveAssertionInfo
	/gomod-cache/github.com/russellhaering/gosaml2@v0.9.1/retrieve_assertion.go:54

We didn't log the SAML response, unfortunately, but could the condition be anticipated in order to fail gracefully and avoid a panic?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Avoid panic when the encrypted data has wrong size for CBC fformica/gosaml2
1 participant
@fformica