

Suppress ArrayIndexOutOfBoundsException in XorCsrfTokenRequestAttribu…
…teHandler

Closes gh-13310
RahulKumarNitP authored and jzheaux committed Aug 7, 2023
1 parent 75e0068 commit e21da06
Showing 2 changed files with 12 additions and 1 deletion.
Expand Up @@ -97,7 +97,7 @@ private static String getTokenValue(String actualToken, String token) {
System.arraycopy(actualBytes, randomBytesSize, xoredCsrf, 0, tokenSize);

byte[] csrfBytes = xorCsrf(randomBytes, xoredCsrf);
return Utf8.decode(csrfBytes);
return (csrfBytes != null) ? Utf8.decode(csrfBytes) : null;
}

private static String createXoredCsrfToken(SecureRandom secureRandom, String token) {
Expand All @@ -114,6 +114,9 @@ private static String createXoredCsrfToken(SecureRandom secureRandom, String tok
}

private static byte[] xorCsrf(byte[] randomBytes, byte[] csrfBytes) {
if (csrfBytes.length < randomBytes.length) {
return null;
}
int len = Math.min(randomBytes.length, csrfBytes.length);
byte[] xoredCsrf = new byte[len];
System.arraycopy(csrfBytes, 0, xoredCsrf, 0, csrfBytes.length);
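Review bot: The guard added at the top of xorCsrf does not cover the case that actually overflows: when csrfBytes is longer than randomBytes, `len` on the next line becomes randomBytes.length, yet the System.arraycopy that follows still copies csrfBytes.length bytes into the len-sized xoredCsrf, which is the ArrayIndexOutOfBoundsException the commit title names, whereas the shorter-csrfBytes case the guard rejects never indexed out of bounds. If createXoredCsrfToken always emits random bytes of the same length as the token (its body lies outside the hunk, so this is inferred), the check should be an equality test, `if (csrfBytes.length != randomBytes.length) { return null; }`, after which `len` can simply be `csrfBytes.length`; otherwise it must at least reject `csrfBytes.length > randomBytes.length`. The new null-return contract, which the caller in getTokenValue now relies on, deserves a Javadoc line on xorCsrf such as `Returns {@code null} when the two arrays cannot be combined; callers must null-check.` The body of xorCsrf continues past the end of this hunk.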
Expand Up @@ -208,6 +208,14 @@ public void resolveCsrfTokenValueWhenHeaderAndParameterSetThenHeaderIsPreferred(
assertThat(tokenValue).isEqualTo(this.token.getToken());
}

@Test
public void resolveCsrfTokenIsInvalidThenReturnsNull() {
this.request.setParameter(this.token.getParameterName(), XOR_CSRF_TOKEN_VALUE);
CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "a");
String tokenValue = this.handler.resolveCsrfTokenValue(this.request, csrfToken);
assertThat(tokenValue).isNull();
}

private static Answer<Void> fillByteArray() {
return (invocation) -> {
byte[] bytes = invocation.getArgument(0);
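Review bot: The new test resolveCsrfTokenIsInvalidThenReturnsNull does not reach the path the commit title describes: with a one-byte token and XOR_CSRF_TOKEN_VALUE decoding to more than two bytes (its definition is outside the hunk, so this is inferred), the extracted csrfBytes are shorter than randomBytes and the handler returns null through the new length guard, a case that did not throw before the change either. A second test whose submitted value decodes to fewer than twice the token's byte length, provided the earlier lines of getTokenValue (outside the hunk) do not already reject it, would exercise the overflowing copy in xorCsrf and, with the guard as it currently stands, would fail. The method name also departs from the sibling convention visible just above (resolveCsrfTokenValueWhen…Then…); `public void resolveCsrfTokenValueWhenTokenLengthMismatchThenNull() {` would read consistently.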
