From 83e3403ae1061250a6e316e032ebacad477b63b8 Mon Sep 17 00:00:00 2001
From: Ross Kinder
Date: Mon, 30 Nov 2015 15:31:17 -0500
Subject: [PATCH] xmlenc: strip weird trailing 0x01 byte found in SAML responses when decrypting (HACK)
---
 xmlenc/xmlenc.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/xmlenc/xmlenc.go b/xmlenc/xmlenc.go
index 70f8bf0..63f9c3a 100644
--- a/xmlenc/xmlenc.go
+++ b/xmlenc/xmlenc.go
@@ -146,6 +146,17 @@ func decryptEncryptedData(key []byte, d *encryptedData) ([]byte, error) {
 mode := cipher.NewCBCDecrypter(blockCipher, iv)
 mode.CryptBlocks(ciphertext, ciphertext)
+ // I've noticed a trailing 0x01 byte in the plaintext
+ // which I cannot explain and which breaks things downstream.
+ // Lacking a better option, we'll strip it here. There are
+ // probably loads of better ways to handle this, not least of
+ // which is to figure out where that strange byte is coming
+ // from.
+ // TODO(ross): figure out where this comes from
+ if ciphertext[len(ciphertext)-1] == 0x1 {
+ ciphertext = ciphertext[:len(ciphertext)-1]
+ }
+
 return ciphertext, nil
 }
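Review bot: The trailing 0x01 stripped after `mode.CryptBlocks` is most likely block padding rather than a stray byte: XML Encryption's CBC mode pads the final block and stores the pad length in the last byte, so this check is correct only when exactly one pad byte was added and leaves the padding in the plaintext for every other length. It also indexes `ciphertext[len(ciphertext)-1]` with no visible length check, which panics on an empty buffer unless code above the hunk (the function starts outside it) already rejects that case. I would read the last byte as the pad length, reject values outside 1..block size, and trim that many bytes, as in the fence; `errors.New` there assumes the file imports `errors`. Because CBC here carries no integrity protection, a padding failure should be reported to the sender the same way as any other decryption failure, and callers should rely on the signature check rather than on decryption having succeeded.

```go
mode.CryptBlocks(ciphertext, ciphertext)

// XML Encryption block padding: the final byte holds the number of
// padding bytes (1..block size); the other padding bytes are arbitrary.
if len(ciphertext) == 0 {
	return nil, errors.New("xmlenc: decryption failed")
}
padLen := int(ciphertext[len(ciphertext)-1])
if padLen < 1 || padLen > mode.BlockSize() || padLen > len(ciphertext) {
	// Same message as other failures so the cause is not distinguishable.
	return nil, errors.New("xmlenc: decryption failed")
}
ciphertext = ciphertext[:len(ciphertext)-padLen]

return ciphertext, nil
```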