@Copilot Copilot AI commented Aug 4, 2025

Problem

The DeflateCompressionProvider.Decompress method was incorrectly throwing IDX10816 errors for large but valid JWE payloads during deflation. This occurred because StreamReader.Read() is not guaranteed to return the maximum number of characters requested, even when more data is available.

The original code performed a single read operation:

int bytesRead = reader.Read(chars, 0, MaximumDeflateSize);
if (reader.Peek() != -1) // This would incorrectly trigger for large payloads
{
    throw new SecurityTokenDecompressionFailedException(IDX10816);
}

When decompressing large payloads, the single Read() call would often return fewer characters than the available data, causing reader.Peek() to detect remaining data and incorrectly conclude the payload exceeded the size limit.

Solution

Modified the decompression logic to read from the stream in a loop until all data is consumed or the maximum size is reached:

int totalCharsRead = 0;
int charsRead;

// Read from the stream until all data is consumed or max size is reached
while (totalCharsRead <= MaximumDeflateSize && (charsRead = reader.Read(chars, totalCharsRead, MaximumDeflateSize - totalCharsRead)) > 0)
{
    totalCharsRead += charsRead;
}

// Only throw error if there's actually more data after reaching the limit
if (reader.Peek() != -1)
{
    throw new SecurityTokenDecompressionFailedException(IDX10816);
}

Testing

Added comprehensive unit tests in DeflateCompressionProviderTests.cs:

The fix ensures that:

  • Large valid payloads decompress successfully
  • The size limit is still properly enforced for truly oversized payloads
  • No regression for smaller payloads

Fixes #2516.
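A stand-alone console program for the short-read behaviour described above, added here as an example; it is not code from this pull request or from the library. The class and method names, the `MaxChars` value, the use of `InvalidDataException`, and detecting overflow with a buffer one char larger than the cap (instead of `Peek()`) are all assumptions of this example.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Text;

class BoundedInflateDemo
{
    // Constructed cap for this demo, standing in for the provider's MaximumDeflateSize.
    const int MaxChars = 250_000;

    // Constructed ASCII sample text of exactly `chars` characters (a multiple of 5).
    static string Payload(int chars) => string.Concat(Enumerable.Range(0, chars / 5).Select(i => i.ToString("x5")));

    static byte[] Deflate(string text)
    {
        var ms = new MemoryStream();
        byte[] raw = Encoding.UTF8.GetBytes(text);
        using (var ds = new DeflateStream(ms, CompressionMode.Compress))
            ds.Write(raw, 0, raw.Length);
        return ms.ToArray(); // still valid after the stream is closed
    }

    static StreamReader Open(byte[] deflated) => new StreamReader(
        new DeflateStream(new MemoryStream(deflated), CompressionMode.Decompress), Encoding.UTF8);

    // Reads until end of stream or one char past the cap, so the overflow decision
    // rests on the total actually read rather than on what a single Read() returned.
    static string InflateBounded(byte[] deflated)
    {
        using (StreamReader reader = Open(deflated))
        {
            var chars = new char[MaxChars + 1];
            int total = 0, n;
            while (total < chars.Length && (n = reader.Read(chars, total, chars.Length - total)) > 0)
                total += n;
            if (total > MaxChars)
                throw new InvalidDataException("inflated payload exceeds " + MaxChars + " chars");
            return new string(chars, 0, total);
        }
    }

    static void Main()
    {
        byte[] valid = Deflate(Payload(200_000)), oversized = Deflate(Payload(300_000));
        using (StreamReader reader = Open(valid)) // one Read() may stop short of the full payload
            Console.WriteLine("single Read: " + reader.Read(new char[MaxChars], 0, MaxChars) + " of 200000");
        Console.WriteLine("read loop:   " + InflateBounded(valid).Length + " of 200000");
        try { InflateBounded(oversized); } catch (InvalidDataException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```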



@Copilot Copilot AI changed the title [WIP] [Bug] Decryption of larger payload JWE fails with IDX10816 during deflation in DeflateCompressionProvider.cs Fix IDX10816 decompression failure for large JWE payloads in DeflateCompressionProvider Aug 4, 2025
@Copilot Copilot AI requested a review from pmaytak August 4, 2025 20:59
Copilot finished work on behalf of pmaytak August 4, 2025 20:59
@Copilot Copilot AI requested a review from pmaytak August 5, 2025 19:54
Copilot finished work on behalf of pmaytak August 5, 2025 19:54
Copilot finished work on behalf of pmaytak August 5, 2025 20:00
@Copilot Copilot AI requested a review from pmaytak August 5, 2025 20:14
Copilot finished work on behalf of pmaytak August 5, 2025 20:14
@Copilot Copilot AI requested a review from pmaytak August 5, 2025 22:47
Copilot finished work on behalf of pmaytak August 5, 2025 22:47

Development

Successfully merging this pull request may close these issues.

[Bug] Decryption of larger payload JWE fails with IDX10816 during deflation in DeflateCompressionProvider.cs
