xmlenc: strip weird trailing 0x01 byte found in SAML responses when decrypting (HACK)

2015-11-30 15:31:17 -05:00
parent c9c47bc396
commit 83e3403ae1
1 changed files with 11 additions and 0 deletions
--- a/xmlenc/xmlenc.go
+++ b/xmlenc/xmlenc.go
@@ -146,6 +146,17 @@ func decryptEncryptedData(key []byte, d *encryptedData) ([]byte, error) {
 	mode := cipher.NewCBCDecrypter(blockCipher, iv)
 	mode.CryptBlocks(ciphertext, ciphertext)

+	// I've noticed a trailing 0x01 byte in the plaintext
+	// which I cannot explain and which breaks things downstream.
+	// Lacking a better option, we'll strip it here. There are
+	// probably loads of better ways to handle this, not least of
+	// which is to figure out where that strange byte is coming
+	// from.
+	// TODO(ross): figure out where this comes from
+	if ciphertext[len(ciphertext)-1] == 0x1 {
+		ciphertext = ciphertext[:len(ciphertext)-1]
+	}
+
 	return ciphertext, nil
 }