Matrix-Mirrors/synapse-product
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse-product.git synced 2024-10-01 08:25:44 -04:00
Code Issues Packages Projects Releases Wiki Activity

validate room alias before interacting with the room directory (#13106)

Browse Source
This commit is contained in:
santhoshivan23 2022-06-22 20:02:18 +05:30 committed by GitHub
parent f33356e8f8
commit d54909956e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/13106.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a long-standing bug where room directory requests would cause an internal server error if given a malformed room alias.

6
synapse/rest/client/directory.py
View File

@ -46,6 +46,8 @@ class ClientDirectoryServer(RestServlet):
self.auth = hs.get_auth() self.auth = hs.get_auth()
async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]: async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias) room_alias_obj = RoomAlias.from_string(room_alias)
res = await self.directory_handler.get_association(room_alias_obj) res = await self.directory_handler.get_association(room_alias_obj)
@ -55,6 +57,8 @@ class ClientDirectoryServer(RestServlet):
async def on_PUT( async def on_PUT(
self, request: SynapseRequest, room_alias: str self, request: SynapseRequest, room_alias: str
) -> Tuple[int, JsonDict]: ) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias) room_alias_obj = RoomAlias.from_string(room_alias)
content = parse_json_object_from_request(request) content = parse_json_object_from_request(request)
@ -89,6 +93,8 @@ class ClientDirectoryServer(RestServlet):
async def on_DELETE( async def on_DELETE(
self, request: SynapseRequest, room_alias: str self, request: SynapseRequest, room_alias: str
) -> Tuple[int, JsonDict]: ) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias) room_alias_obj = RoomAlias.from_string(room_alias)
requester = await self.auth.get_user_by_req(request) requester = await self.auth.get_user_by_req(request)

13
tests/rest/client/test_directory.py
View File

@ -215,6 +215,19 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
self.assertEqual(channel.code, expected_code, channel.result) self.assertEqual(channel.code, expected_code, channel.result)
return alias return alias
def test_invalid_alias(self) -> None:
alias = "#potato"
channel = self.make_request(
"GET",
f"/_matrix/client/r0/directory/room/{alias}",
access_token=self.user_tok,
)
self.assertEqual(channel.code, HTTPStatus.BAD_REQUEST, channel.result)
self.assertIn("error", channel.json_body, channel.json_body)
self.assertEqual(
channel.json_body["errcode"], "M_INVALID_PARAM", channel.json_body
)
def random_alias(self, length: int) -> str: def random_alias(self, length: int) -> str:
return RoomAlias(random_string(length), self.hs.hostname).to_string() return RoomAlias(random_string(length), self.hs.hostname).to_string()