internal/sessions: error if session too large

2025-05-30 17:37:25 +02:00 · 2019-07-06 11:34:49 -07:00 · 2019-07-06 11:34:49 -07:00 · 63043dec9c
commit 63043dec9c
parent 10a1d2fd7e
4 changed files with 53 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,8 +16,9 @@

 - Fixed HEADERS environment variable parsing [GH-188]
 - Fixed Azure group lookups [GH-190]
+- If a session is too large (over 4096 bytes) Pomerium will no longer fail silently. [GH-211]

-## v0.0.5
+  ## v0.0.5

 ### NEW

--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -278,7 +278,7 @@ func (a *Authenticate) getOAuthCallback(w http.ResponseWriter, r *http.Request)

 	if err := a.sessionStore.SaveSession(w, r, session); err != nil {
 		log.Error().Err(err).Msg("authenticate: failed saving new session")
-		return "", httputil.Error{Code: http.StatusInternalServerError, Message: "Internal Error"}
+		return "", httputil.Error{Code: http.StatusInternalServerError, Message: err.Error()}
 	}

 	return redirect, nil
--- a/internal/sessions/session_state.go
+++ b/internal/sessions/session_state.go
@ -11,6 +11,8 @@ import (
 	"github.com/pomerium/pomerium/internal/cryptutil"
 )

+const MaxCookieSize = 4096
+
 var (
 	// ErrLifetimeExpired is an error for the lifetime deadline expiring
 	ErrLifetimeExpired = errors.New("user lifetime expired")
@ -87,7 +89,14 @@ func isExpired(t time.Time) bool {
 // MarshalSession marshals the session state as JSON, encrypts the JSON using the
 // given cipher, and base64-encodes the result
 func MarshalSession(s *SessionState, c cryptutil.Cipher) (string, error) {
-	return c.Marshal(s)
+	v, err := c.Marshal(s)
+	if err != nil {
+		return "", err
+	}
+	if len(v) >= MaxCookieSize {
+		return "", fmt.Errorf("session too large, got %d bytes", len(v))
+	}
+	return v, nil
 }

 // UnmarshalSession takes the marshaled string, base64-decodes into a byte slice, decrypts the
--- a/internal/sessions/session_state_test.go
+++ b/internal/sessions/session_state_test.go
@ -1,10 +1,12 @@
 package sessions

 import (
+	"crypto/rand"
 	"reflect"
 	"testing"
 	"time"

+	"github.com/google/go-cmp/cmp"
 	"github.com/pomerium/pomerium/internal/cryptutil"
 )

@ -138,3 +140,41 @@ func TestSessionState_Impersonating(t *testing.T) {
 		})
 	}
 }
+
+func TestMarshalSession(t *testing.T) {
+	secret := cryptutil.GenerateKey()
+	c, err := cryptutil.NewCipher([]byte(secret))
+	if err != nil {
+		t.Fatalf("expected to be able to create cipher: %v", err)
+	}
+	hugeString := make([]byte, 4097)
+	if _, err := rand.Read(hugeString); err != nil {
+		t.Fatal(err)
+	}
+	tests := []struct {
+		name    string
+		s       *SessionState
+		wantErr bool
+	}{
+		{"simple", &SessionState{}, false},
+		{"too big", &SessionState{AccessToken: string(hugeString)}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			in, err := MarshalSession(tt.s, c)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("MarshalSession() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if err == nil {
+				out, err := UnmarshalSession(in, c)
+				if err != nil {
+					t.Fatalf("expected to be decode session: %v", err)
+				}
+				if diff := cmp.Diff(tt.s, out); diff != "" {
+					t.Errorf("MarshalSession() = %s", diff)
+				}
+			}
+		})
+	}
+}