Merge branch '5.8.x' into 6.2.x

jzheaux · jzheaux · commit addc7c53b25f · 2024-10-24T11:56:16.000-06:00
Closes gh-15985
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -73,6 +73,9 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
 			return null;
 		}
 		String originalURI = decodeCookie(savedRequestCookie.getValue());
+		if (originalURI == null) {
+			return null;
+		}
 		UriComponents uriComponents = UriComponentsBuilder.fromUriString(originalURI).build();
 		DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder();
 		int port = getPort(uriComponents);
@@ -122,8 +125,14 @@ private static String encodeCookie(String cookieValue) {
 		return Base64.getEncoder().encodeToString(cookieValue.getBytes());
 	}
 
-	private static String decodeCookie(String encodedCookieValue) {
-		return new String(Base64.getDecoder().decode(encodedCookieValue.getBytes()));
+	private String decodeCookie(String encodedCookieValue) {
+		try {
+			return new String(Base64.getDecoder().decode(encodedCookieValue.getBytes()));
+		}
+		catch (IllegalArgumentException ex) {
+			this.logger.debug("Failed decode cookie value " + encodedCookieValue);
+			return null;
+		}
 	}
 
 	private static String getCookiePath(HttpServletRequest request) {
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -212,4 +212,14 @@ private static String decodeCookie(String encodedCookieValue) {
 		return new String(Base64.getDecoder().decode(encodedCookieValue.getBytes()));
 	}
 
+	// gh-15905
+	@Test
+	public void illegalCookieValueReturnNull() {
+		CookieRequestCache cookieRequestCache = new CookieRequestCache();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, "123^456"));
+		SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse());
+		assertThat(savedRequest).isNull();
+	}
+
 }
