Validate federation destinations and log an error if server name is invalid. (#13318)

erikj/less_state_membership
Shay 2022-07-20 11:17:26 -07:00 committed by GitHub
parent d3995049a8
commit a1b62af2af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 2 deletions

1
changelog.d/13318.misc Normal file
View File

@ -0,0 +1 @@
Validate federation destinations and log an error if a destination is invalid.

View File

@ -79,6 +79,7 @@ from synapse.types import JsonDict
from synapse.util import json_decoder from synapse.util import json_decoder
from synapse.util.async_helpers import AwakenableSleeper, timeout_deferred from synapse.util.async_helpers import AwakenableSleeper, timeout_deferred
from synapse.util.metrics import Measure from synapse.util.metrics import Measure
from synapse.util.stringutils import parse_and_validate_server_name
if TYPE_CHECKING: if TYPE_CHECKING:
from synapse.server import HomeServer from synapse.server import HomeServer
@ -479,6 +480,14 @@ class MatrixFederationHttpClient:
RequestSendFailed: If there were problems connecting to the RequestSendFailed: If there were problems connecting to the
remote, due to e.g. DNS failures, connection timeouts etc. remote, due to e.g. DNS failures, connection timeouts etc.
""" """
# Validate server name and log if it is an invalid destination, this is
# partially to help track down code paths where we haven't validated before here
try:
parse_and_validate_server_name(request.destination)
except ValueError:
logger.exception(f"Invalid destination: {request.destination}.")
raise FederationDeniedError(request.destination)
if timeout: if timeout:
_sec_timeout = timeout / 1000 _sec_timeout = timeout / 1000
else: else:

View File

@ -102,7 +102,7 @@ class FederationClientTest(FederatingHomeserverTestCase):
# now fire off the request # now fire off the request
state_resp, auth_resp = self.get_success( state_resp, auth_resp = self.get_success(
self.hs.get_federation_client().get_room_state( self.hs.get_federation_client().get_room_state(
"yet_another_server", "yet.another.server",
test_room_id, test_room_id,
"event_id", "event_id",
RoomVersions.V9, RoomVersions.V9,
@ -112,7 +112,7 @@ class FederationClientTest(FederatingHomeserverTestCase):
# check the right call got made to the agent # check the right call got made to the agent
self._mock_agent.request.assert_called_once_with( self._mock_agent.request.assert_called_once_with(
b"GET", b"GET",
b"matrix://yet_another_server/_matrix/federation/v1/state/%21room_id?event_id=event_id", b"matrix://yet.another.server/_matrix/federation/v1/state/%21room_id?event_id=event_id",
headers=mock.ANY, headers=mock.ANY,
bodyProducer=None, bodyProducer=None,
) )