Describe the bug

ArrayIndexOutOfBoundsException thrown when validating csrf token using CookieCsrfTokenRepository.

To Reproduce

Configure the application to use the CookieCsrfTokenRepository:

                .csrf(config -> config
                        .csrfTokenRepository(new CookieCsrfTokenRepository()))

Initiate a request without a csrf token to get a csrf token.

> POST http://localhost:8080/signup
> content-type: application/json
> data {"username":"abc","password":"12345678"}
< 403
< set-cookie: XSRF-TOKEN=05929404-5a0f-4cec-96e3-e48f7d9d1009; Path=/; HttpOnly
< x-content-type-options: nosniff
< x-xss-protection: 0
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< pragma: no-cache
< expires: 0
< x-frame-options: DENY
< content-length: 0
< date: Sat, 13 Apr 2024 05:20:40 GMT
< connection: close

Pass the base64-encoded csrf token via the request header X-XSRF-TOKEN. This throws ArrayIndexOutOfBoundsException.

> POST http://localhost:8080/signup
> X-XSRF-TOKEN: MDU5Mjk0MDQtNWEwZi00Y2VjLTk2ZTMtZTQ4ZjdkOWQxMDA5
> content-type: application/json
> data {"username":"abc","password":"12345678"}
< 403
< x-content-type-options: nosniff
< x-xss-protection: 0
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< pragma: no-cache
< expires: 0
< x-frame-options: DENY
< content-length: 0
< date: Sat, 13 Apr 2024 05:27:46 GMT
< connection: close

java.lang.ArrayIndexOutOfBoundsException: arraycopy: last destination index 36 out of bounds for byte[0]
    at java.base/java.lang.System.arraycopy(Native Method) ~[?:?]
    at org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler.xorCsrf(XorCsrfTokenRequestAttributeHandler.java:122) ~[spring-security-web-6.2.3.jar:6.2.3]

debug

In org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler, resolveCsrfTokenValue() (version 6.2.3):

Line 92: the same token, encoded in base64, has the same length, so randomBytesSize = 0
Line 94: create randomBytes of size 0
Line 99: pass randomBytes to xorCsrf()

In xorCsrf():

Line 120: take the minimum of the two array lengths
Line 121: create a byte array of size 0
Line 122: throw the exception

Expected behavior

Able to execute successfully when passed the correct token.

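The masking scheme the debug notes above walk through, as an added illustration that is not Spring Security's code: a hypothetical mask()/unmask() pair where the client is expected to submit base64(random || random XOR token). Submitting the bare token base64-encoded, as in the second request above, decodes to exactly the token's length, so the random prefix size is 0; the length check in this example rejects that input instead of reaching System.arraycopy.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical re-implementation of an XOR-masked CSRF token check (not Spring's code).
public class XorCsrfDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // What a correct client submits: base64(random || random XOR token), random as long as token.
    static String mask(String token) {
        byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
        byte[] random = new byte[tokenBytes.length];
        RNG.nextBytes(random);
        byte[] out = new byte[tokenBytes.length * 2];
        System.arraycopy(random, 0, out, 0, random.length);
        for (int i = 0; i < tokenBytes.length; i++) {
            out[random.length + i] = (byte) (random[i] ^ tokenBytes[i]);
        }
        return Base64.getEncoder().encodeToString(out);
    }

    // Recover the token from a submitted value; malformed input yields null, never an exception.
    static String unmask(String submitted, int expectedTokenLength) {
        byte[] actual;
        try {
            actual = Base64.getDecoder().decode(submitted);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        int randomSize = actual.length - expectedTokenLength;
        // The report's input (bare token, base64-encoded) lands here with randomSize == 0;
        // without this check the arraycopy below would target a zero-length array.
        if (randomSize != expectedTokenLength) {
            return null;
        }
        byte[] random = new byte[randomSize];
        byte[] xored = new byte[expectedTokenLength];
        System.arraycopy(actual, 0, random, 0, randomSize);
        System.arraycopy(actual, randomSize, xored, 0, expectedTokenLength);
        for (int i = 0; i < expectedTokenLength; i++) {
            xored[i] ^= random[i];
        }
        return new String(xored, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String token = "05929404-5a0f-4cec-96e3-e48f7d9d1009"; // cookie value from the report
        System.out.println(token.equals(unmask(mask(token), token.length())));
        String bare = Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8));
        System.out.println(unmask(bare, token.length()));
    }
}
```

The first line printed shows a properly masked value round-tripping; the second shows the unmasked header value from the report being rejected as invalid rather than crashing the handler.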

Comment From: sjohnr

@pyyx thanks for the report. I believe this is a duplicate of gh-13310. While it is already resolved, there is a remaining issue being worked on in gh-14902. I'm going to close this as a duplicate.