Add CappedMemoryStream
CrspyAu committed Dec 12, 2024
1 parent 8132324 commit 0982e2e
Showing 2 changed files with 6 additions and 8 deletions.
2 changes: 1 addition & 1 deletion UnitTests/SecurityVulnerabilitiesTest.cs
@@ -198,7 +198,7 @@ public void DeflateBomb()

// when
Exception thrownException = Assert.Throws<JoseException>(() => Jose.JWT.Decode(bomb, privateKey));
Assert.IsAssignableFrom<NotSupportedException>(thrownException.InnerException);
Assert.IsType<NotSupportedException>(thrownException.InnerException);
}

[Fact]
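Review bot: The DeflateBomb test pins only the type of the inner exception, so it passes wherever the size limit actually sits and would not catch an off-by-one in the cap. A pair of boundary cases would pin the limit itself: a payload that inflates to exactly the configured maximum should presumably still decode, and one that inflates to a single byte more should fail with the same `JoseException`. The rendered page does not mark which of the two assertions is the added one; if it is `Assert.IsType<NotSupportedException>`, a comment such as `// exact type on purpose: the size cap must surface as NotSupportedException` would record why the check was tightened. The body of DeflateBomb starts above this hunk.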
12 changes: 5 additions & 7 deletions jose-jwt/compression/DeflateCompression.cs
@@ -28,24 +28,22 @@ public byte[] Compress(byte[] plainText)

public byte[] Decompress(byte[] compressedText)
{
byte[] buffer = new byte[maxBufferSizeBytes];

try
{
using (MemoryStream ms = new MemoryStream(buffer))
using (MemoryStream ms = new CappedMemoryStream(maxBufferSizeBytes))
{
using (MemoryStream compressedStream = new MemoryStream(compressedText))
{
using (DeflateStream deflater = new DeflateStream(compressedStream, CompressionMode.Decompress))
{
deflater.CopyTo(ms);
}
}

return Arrays.Truncate(ms.ToArray(), ms.Position);
}

return ms.ToArray();
}
}
catch(NotSupportedException e)
catch (NotSupportedException e)
{
throw new JoseException("Unable to deflate compressed payload, most likely exceeded decompression buffer size.", e);
}
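Review bot: The decompression size limit in Decompress now rests entirely on CappedMemoryStream, whose definition is not among the files shown on this page. Because `ms` is still typed as MemoryStream, any write path the subclass does not override would fall back to the base class and grow without bound. It is worth confirming that every write overload and `SetLength` enforce `maxBufferSizeBytes` and throw `NotSupportedException`, since the catch block wraps only that type, and recording the dependency at the `using` line with `// CappedMemoryStream must throw NotSupportedException once maxBufferSizeBytes would be exceeded; the catch below relies on it`. Separately, the handler does not cover `InvalidDataException`, which DeflateStream raises for malformed input, so a corrupt payload would presumably leave this method unwrapped unless a caller handles it. Decompress continues past the end of this section.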
