From 6ce55e5383312efe5bcae520e2b356a0767eba03 Mon Sep 17 00:00:00 2001
From: Prateek Sachan <psachan@cs.iitr.ac.in>
Date: Sat, 1 Feb 2020 13:33:23 +0530
Subject: [PATCH] Added checks for JSON body in accounts_data endpoint

---
 clientapi/routing/account_data.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clientapi/routing/account_data.go b/clientapi/routing/account_data.go
index bbc8c258e..56cddba8b 100644
--- a/clientapi/routing/account_data.go
+++ b/clientapi/routing/account_data.go
@@ -15,6 +15,7 @@
 package routing
 
 import (
+	"encoding/json"
 	"io/ioutil"
 	"net/http"
 
@@ -79,11 +80,26 @@ func SaveAccountData(
 
 	defer req.Body.Close() // nolint: errcheck
 
+	if req.Body == http.NoBody {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.NotJSON("Content not JSON"),
+		}
+	}
+
 	body, err := ioutil.ReadAll(req.Body)
 	if err != nil {
 		return httputil.LogThenError(req, err)
 	}
 
+	var rawJson json.RawMessage
+	if err = json.Unmarshal(body, &rawJson); err != nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("Bad JSON content"),
+		}
+	}
+
 	if err := accountDB.SaveAccountData(
 		req.Context(), localpart, roomID, dataType, string(body),
 	); err != nil {