Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.

Author: pitbulk

lib/onelogin/ruby-saml/saml_message.rb

@@ -93,10 +93,16 @@ def decode_raw_saml(saml, settings = nil)
 
         decoded = decode(saml)
         begin
-          inflate(decoded)
+          message = inflate(decoded)
         rescue
-          decoded
+          message = decoded
         end
+
+        if message.bytesize > settings.message_max_bytesize
+          raise ValidationError.new("Encoded SAML Message exceeds " + settings.message_max_bytesize.to_s + " bytes, so was rejected")
+        end
+
+        message
       end
 
       # Deflate, base64 encode and url-encode a SAML Message (To be used in the HTTP-redirect binding)