Improved validation for received requests (#9817)

* Simplify `start_listening` callpath * Correctly check the size of uploaded files
2025-08-09 20:12:13 -04:00 · 2021-04-23 19:20:44 +01:00 · 2021-04-23 19:20:44 +01:00 · 3ff2251754
commit 3ff2251754
parent 84936e2264
15 changed files with 174 additions and 31 deletions
--- a/synapse/http/site.py
+++ b/synapse/http/site.py
@ -14,7 +14,7 @@
 import contextlib
 import logging
 import time
-from typing import Optional, Tuple, Type, Union
+from typing import Optional, Tuple, Union

 import attr
 from zope.interface import implementer
@ -50,6 +50,7 @@ class SynapseRequest(Request):
     * Redaction of access_token query-params in __repr__
     * Logging at start and end
     * Metrics to record CPU, wallclock and DB time by endpoint.
+     * A limit to the size of request which will be accepted

    It also provides a method `processing`, which returns a context manager. If this
    method is called, the request won't be logged until the context manager is closed;
@ -60,8 +61,9 @@ class SynapseRequest(Request):
        logcontext: the log context for this request
    """

-    def __init__(self, channel, *args, **kw):
+    def __init__(self, channel, *args, max_request_body_size=1024, **kw):
        Request.__init__(self, channel, *args, **kw)
+        self._max_request_body_size = max_request_body_size
        self.site = channel.site  # type: SynapseSite
        self._channel = channel  # this is used by the tests
        self.start_time = 0.0
@ -98,6 +100,18 @@ class SynapseRequest(Request):
            self.site.site_tag,
        )

+    def handleContentChunk(self, data):
+        # we should have a `content` by now.
+        assert self.content, "handleContentChunk() called before gotLength()"
+        if self.content.tell() + len(data) > self._max_request_body_size:
+            logger.warning(
+                "Aborting connection from %s because the request exceeds maximum size",
+                self.client,
+            )
+            self.transport.abortConnection()
+            return
+        super().handleContentChunk(data)
+
    @property
    def requester(self) -> Optional[Union[Requester, str]]:
        return self._requester
@ -505,6 +519,7 @@ class SynapseSite(Site):
        config: ListenerConfig,
        resource: IResource,
        server_version_string,
+        max_request_body_size: int,
        reactor: IReactorTime,
    ):
        """
@ -516,6 +531,8 @@ class SynapseSite(Site):
            resource:  The base of the resource tree to be used for serving requests on
                this site
            server_version_string: A string to present for the Server header
+            max_request_body_size: Maximum request body length to allow before
+                dropping the connection
            reactor: reactor to be used to manage connection timeouts
        """
        Site.__init__(self, resource, reactor=reactor)
@ -524,9 +541,14 @@ class SynapseSite(Site):

        assert config.http_options is not None
        proxied = config.http_options.x_forwarded
-        self.requestFactory = (
-            XForwardedForRequest if proxied else SynapseRequest
-        )  # type: Type[Request]
+        request_class = XForwardedForRequest if proxied else SynapseRequest
+
+        def request_factory(channel, queued) -> Request:
+            return request_class(
+                channel, max_request_body_size=max_request_body_size, queued=queued
+            )
+
+        self.requestFactory = request_factory  # type: ignore
        self.access_logger = logging.getLogger(logger_name)
        self.server_version_string = server_version_string.encode("ascii")