Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.

Author: pitbulk

lib/onelogin/ruby-saml/saml_message.rb

@@ -97,10 +97,16 @@ def decode_raw_saml(saml)
 
         decoded = decode(saml)
         begin
-          inflate(decoded)
+            message = inflate(decoded)
         rescue
-          decoded
+            message = decoded
         end
+
+        if message.bytesize > MAX_BYTE_SIZE
+          raise ValidationError.new("Encoded SAML Message exceeds " + MAX_BYTE_SIZE.to_s + " bytes, so was rejected")
+        end
+
+        message
       end
 
       # Deflate, base64 encode and url-encode a SAML Message (To be used in the HTTP-redirect binding)