Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

panic on crypto/cipher: input not full blocks #193

Open
fformica opened this issue Jun 4, 2024 · 0 comments · May be fixed by #195
Open

panic on crypto/cipher: input not full blocks #193

fformica opened this issue Jun 4, 2024 · 0 comments · May be fixed by #195

Comments

@fformica
Copy link

fformica commented Jun 4, 2024

Hi, we tried switching a python implementation of our SAML client with this go library, and one of our users managed to trigger a panic:

runtime.gopanic
	/usr/local/go/src/runtime/panic.go:770
crypto/cipher.(*cbcDecrypter).CryptBlocks
	/usr/local/go/src/crypto/cipher/cbc.go:145
github.com/russellhaering/gosaml2/types.(*EncryptedAssertion).DecryptBytes
	/gomod-cache/github.com/russellhaering/[email protected]/types/encrypted_assertion.go:68
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).decryptAssertions.func1
	/gomod-cache/github.com/russellhaering/[email protected]/decode_response.go:176
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterateCtx.func1
	/gomod-cache/github.com/russellhaering/[email protected]/etreeutils/namespace.go:299
github.com/russellhaering/goxmldsig/etreeutils.NSTraverse
	/gomod-cache/github.com/russellhaering/[email protected]/etreeutils/namespace.go:167
github.com/russellhaering/goxmldsig/etreeutils.NSTraverse
	/gomod-cache/github.com/russellhaering/[email protected]/etreeutils/namespace.go:174
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterateCtx
	/gomod-cache/github.com/russellhaering/[email protected]/etreeutils/namespace.go:286
github.com/russellhaering/goxmldsig/etreeutils.NSFindIterate
	/gomod-cache/github.com/russellhaering/[email protected]/etreeutils/namespace.go:275
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).decryptAssertions
	/gomod-cache/github.com/russellhaering/[email protected]/decode_response.go:196
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).ValidateEncodedResponse
	/gomod-cache/github.com/russellhaering/[email protected]/decode_response.go:287
github.com/russellhaering/gosaml2.(*SAMLServiceProvider).RetrieveAssertionInfo
	/gomod-cache/github.com/russellhaering/[email protected]/retrieve_assertion.go:54

We didn't log the SAML response, unfortunately, but could the condition be anticipated in order to fail gracefully and avoid a panic?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant