oidc: avoid slice panic in getCookieName for short values

A malformed short nonce no longer panics; it yields a non-matching name.
This commit is contained in:
Kristoffer Dalby
2026-06-05 15:19:27 +00:00
committed by Kristoffer Dalby
parent 99ad555d64
commit 0921972f96
2 changed files with 27 additions and 5 deletions
+7 -5
View File
@@ -919,12 +919,14 @@ func renderAuthSuccessTemplate(
return bytes.NewBufferString(templates.AuthSuccess(result).Render())
}
// getCookieName generates a unique cookie name based on a cookie value.
// Callers must ensure value has at least [cookieNamePrefixLen] bytes;
// [extractCodeAndStateParamFromRequest] enforces this for the state
// parameter, and [setCSRFCookie] always supplies a 64-byte random value.
// getCookieName generates a unique cookie name based on a cookie value. It
// uses at most [cookieNamePrefixLen] bytes of value, and fewer if value is
// shorter, so a short value (e.g. a malformed nonce from a misbehaving IdP)
// yields a non-matching name rather than panicking with slice-out-of-range.
func getCookieName(baseName, value string) string {
return fmt.Sprintf("%s_%s", baseName, value[:cookieNamePrefixLen])
n := min(len(value), cookieNamePrefixLen)
return fmt.Sprintf("%s_%s", baseName, value[:n])
}
func setCSRFCookie(w http.ResponseWriter, r *http.Request, name string) (string, error) {
+20
View File
@@ -0,0 +1,20 @@
package hscontrol
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestGetCookieNameShortValue ensures a value shorter than the prefix length
// (e.g. a malformed nonce from a misbehaving IdP) does not panic with
// slice-out-of-range; it uses the available bytes instead.
func TestGetCookieNameShortValue(t *testing.T) {
require.NotPanics(t, func() {
assert.Equal(t, "nonce_ab", getCookieName("nonce", "ab"))
})
assert.Equal(t, "nonce_abcdef", getCookieName("nonce", "abcdef"))
assert.Equal(t, "nonce_abcdef", getCookieName("nonce", "abcdefghij"))
}