Merge pull request #6334 from matrix-org/rav/url_preview_limit_title_2

Fix exception when OpenGraph tag values are ints
2019-11-05 17:28:11 +00:00 · 2019-11-05 17:28:11 +00:00 · 5570d1c93f
parent 02f99906f2 81d49cbb07
commit 5570d1c93f
2 changed files with 3 additions and 1 deletions
--- a/changelog.d/6334.feature
+++ b/changelog.d/6334.feature
@ -0,0 +1 @@
+Limit the length of data returned by url previews, to prevent DoS attacks.
--- a/synapse/rest/media/v1/preview_url_resource.py
+++ b/synapse/rest/media/v1/preview_url_resource.py
@ -278,7 +278,8 @@ class PreviewUrlResource(DirectServeResource):
        # filter out any stupidly long values
        keys_to_remove = []
        for k, v in og.items():
-            if len(k) > OG_TAG_NAME_MAXLEN or len(v) > OG_TAG_VALUE_MAXLEN:
+            # values can be numeric as well as strings, hence the cast to str
+            if len(k) > OG_TAG_NAME_MAXLEN or len(str(v)) > OG_TAG_VALUE_MAXLEN:
                logger.warning(
                    "Pruning overlong tag %s from OG data", k[:OG_TAG_NAME_MAXLEN]
                )
				`@ -0,0 +1 @@`
				`Limit the length of data returned by url previews, to prevent DoS attacks.`