validate room alias before interacting with the room directory (#13106)

matrix-org · Jun 22, 2022 · d549099 · d549099
1 parent f33356e
commit d549099
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/changelog.d/13106.bugfix b/changelog.d/13106.bugfix
@@ -0,0 +1 @@
+Fix a long-standing bug where room directory requests would cause an internal server error if given a malformed room alias.
diff --git a/synapse/rest/client/directory.py b/synapse/rest/client/directory.py
@@ -46,6 +46,8 @@ def __init__(self, hs: "HomeServer"):
         self.auth = hs.get_auth()
 
     async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
 
         res = await self.directory_handler.get_association(room_alias_obj)
@@ -55,6 +57,8 @@ async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict
     async def on_PUT(
         self, request: SynapseRequest, room_alias: str
     ) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
 
         content = parse_json_object_from_request(request)
@@ -89,6 +93,8 @@ async def on_PUT(
     async def on_DELETE(
         self, request: SynapseRequest, room_alias: str
     ) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
         requester = await self.auth.get_user_by_req(request)
 

diff --git a/tests/rest/client/test_directory.py b/tests/rest/client/test_directory.py
@@ -215,6 +215,19 @@ def set_alias_via_directory(
         self.assertEqual(channel.code, expected_code, channel.result)
         return alias
 
+    def test_invalid_alias(self) -> None:
+        alias = "#potato"
+        channel = self.make_request(
+            "GET",
+            f"/_matrix/client/r0/directory/room/{alias}",
+            access_token=self.user_tok,
+        )
+        self.assertEqual(channel.code, HTTPStatus.BAD_REQUEST, channel.result)
+        self.assertIn("error", channel.json_body, channel.json_body)
+        self.assertEqual(
+            channel.json_body["errcode"], "M_INVALID_PARAM", channel.json_body
+        )
+
     def random_alias(self, length: int) -> str:
         return RoomAlias(random_string(length), self.hs.hostname).to_string()
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fix a long-standing bug where room directory requests would cause an internal server error if given a malformed room alias.