Unverified Commit 47d48a58 authored by Patrick Cloke's avatar Patrick Cloke Committed by GitHub

Validate the server name for the /publicRooms endpoint. (#9161)

If a remote server name is provided, ensure it is something reasonable
before making remote connections to it.
parent 94549771
Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter.
...@@ -32,6 +32,7 @@ from synapse.api.errors import ( ...@@ -32,6 +32,7 @@ from synapse.api.errors import (
) )
from synapse.api.filtering import Filter from synapse.api.filtering import Filter
from synapse.events.utils import format_event_for_client_v2 from synapse.events.utils import format_event_for_client_v2
from synapse.http.endpoint import parse_and_validate_server_name
from synapse.http.servlet import ( from synapse.http.servlet import (
RestServlet, RestServlet,
assert_params_in_dict, assert_params_in_dict,
...@@ -347,8 +348,6 @@ class PublicRoomListRestServlet(TransactionRestServlet): ...@@ -347,8 +348,6 @@ class PublicRoomListRestServlet(TransactionRestServlet):
# provided. # provided.
if server: if server:
raise e raise e
else:
pass
limit = parse_integer(request, "limit", 0) limit = parse_integer(request, "limit", 0)
since_token = parse_string(request, "since", None) since_token = parse_string(request, "since", None)
...@@ -359,6 +358,14 @@ class PublicRoomListRestServlet(TransactionRestServlet): ...@@ -359,6 +358,14 @@ class PublicRoomListRestServlet(TransactionRestServlet):
handler = self.hs.get_room_list_handler() handler = self.hs.get_room_list_handler()
if server and server != self.hs.config.server_name: if server and server != self.hs.config.server_name:
# Ensure the server is valid.
try:
parse_and_validate_server_name(server)
except ValueError:
raise SynapseError(
400, "Invalid server name: %s" % (server,), Codes.INVALID_PARAM,
)
try: try:
data = await handler.get_remote_public_room_list( data = await handler.get_remote_public_room_list(
server, limit=limit, since_token=since_token server, limit=limit, since_token=since_token
...@@ -402,6 +409,14 @@ class PublicRoomListRestServlet(TransactionRestServlet): ...@@ -402,6 +409,14 @@ class PublicRoomListRestServlet(TransactionRestServlet):
handler = self.hs.get_room_list_handler() handler = self.hs.get_room_list_handler()
if server and server != self.hs.config.server_name: if server and server != self.hs.config.server_name:
# Ensure the server is valid.
try:
parse_and_validate_server_name(server)
except ValueError:
raise SynapseError(
400, "Invalid server name: %s" % (server,), Codes.INVALID_PARAM,
)
try: try:
data = await handler.get_remote_public_room_list( data = await handler.get_remote_public_room_list(
server, server,
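Review bot: The `parse_and_validate_server_name(server)` guard added in the hunks at -359 and -402 looks like a syntactic check only (it reports failure as `ValueError`), so a well-formed name that resolves to an internal host or is an IP literal would presumably still reach `get_remote_public_room_list`. If that is the case, say so at the call site, e.g. `# Syntax check only: this does not restrict which addresses we will connect to; confirm that is enforced by the outbound federation client.`, so the check is not later mistaken for an allow-list. The same seven lines are also duplicated verbatim in both handlers; a small private helper on the servlet would keep the two copies from drifting if the validation or error code changes. Both enclosing methods start and end outside the visible hunks, so any sanitising done before or after these lines cannot be confirmed from this page.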
......