reject invalid UTF-8 (#1472)

* reject invalid UTF-8

Signed-off-by: Jonas Fentker <jonas@fentker.eu>

* update sytest-whitelist

Signed-off-by: Jonas Fentker <jonas@fentker.eu>

Co-authored-by: Kegsay <kegan@matrix.org>
This commit is contained in:
Pestdoktor 2020-10-09 10:15:51 +02:00 committed by GitHub
parent f3e8ae01ef
commit c4c8bfd027
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 10 deletions

View file

@ -16,7 +16,9 @@ package httputil
import ( import (
"encoding/json" "encoding/json"
"io/ioutil"
"net/http" "net/http"
"unicode/utf8"
"github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/util" "github.com/matrix-org/util"
@ -25,7 +27,23 @@ import (
// UnmarshalJSONRequest into the given interface pointer. Returns an error JSON response if // UnmarshalJSONRequest into the given interface pointer. Returns an error JSON response if
// there was a problem unmarshalling. Calling this function consumes the request body. // there was a problem unmarshalling. Calling this function consumes the request body.
func UnmarshalJSONRequest(req *http.Request, iface interface{}) *util.JSONResponse { func UnmarshalJSONRequest(req *http.Request, iface interface{}) *util.JSONResponse {
if err := json.NewDecoder(req.Body).Decode(iface); err != nil { // encoding/json allows invalid utf-8, matrix does not
// https://matrix.org/docs/spec/client_server/r0.6.1#api-standards
body, err := ioutil.ReadAll(req.Body)
if err != nil {
util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
resp := jsonerror.InternalServerError()
return &resp
}
if !utf8.Valid(body) {
return &util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.NotJSON("Body contains invalid UTF-8"),
}
}
if err := json.Unmarshal(body, iface); err != nil {
// TODO: We may want to suppress the Error() return in production? It's useful when // TODO: We may want to suppress the Error() return in production? It's useful when
// debugging because an error will be produced for both invalid/malformed JSON AND // debugging because an error will be produced for both invalid/malformed JSON AND
// valid JSON with incorrect types for values. // valid JSON with incorrect types for values.

View file

@ -15,11 +15,11 @@
package routing package routing
import ( import (
"encoding/json"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"github.com/matrix-org/dendrite/clientapi/auth" "github.com/matrix-org/dendrite/clientapi/auth"
"github.com/matrix-org/dendrite/clientapi/httputil"
"github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/dendrite/userapi/api" "github.com/matrix-org/dendrite/userapi/api"
userapi "github.com/matrix-org/dendrite/userapi/api" userapi "github.com/matrix-org/dendrite/userapi/api"
@ -121,9 +121,8 @@ func UpdateDeviceByID(
payload := deviceUpdateJSON{} payload := deviceUpdateJSON{}
if err := json.NewDecoder(req.Body).Decode(&payload); err != nil { if resErr := httputil.UnmarshalJSONRequest(req, &payload); resErr != nil {
util.GetLogger(req.Context()).WithError(err).Error("json.NewDecoder.Decode failed") return *resErr
return jsonerror.InternalServerError()
} }
var performRes api.PerformDeviceUpdateResponse var performRes api.PerformDeviceUpdateResponse
@ -211,9 +210,8 @@ func DeleteDevices(
ctx := req.Context() ctx := req.Context()
payload := devicesDeleteJSON{} payload := devicesDeleteJSON{}
if err := json.NewDecoder(req.Body).Decode(&payload); err != nil { if resErr := httputil.UnmarshalJSONRequest(req, &payload); resErr != nil {
util.GetLogger(ctx).WithError(err).Error("json.NewDecoder.Decode failed") return *resErr
return jsonerror.InternalServerError()
} }
defer req.Body.Close() // nolint: errcheck defer req.Body.Close() // nolint: errcheck

View file

@ -23,6 +23,7 @@ import (
appserviceAPI "github.com/matrix-org/dendrite/appservice/api" appserviceAPI "github.com/matrix-org/dendrite/appservice/api"
"github.com/matrix-org/dendrite/clientapi/api" "github.com/matrix-org/dendrite/clientapi/api"
"github.com/matrix-org/dendrite/clientapi/auth" "github.com/matrix-org/dendrite/clientapi/auth"
clientutil "github.com/matrix-org/dendrite/clientapi/httputil"
"github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/dendrite/clientapi/producers" "github.com/matrix-org/dendrite/clientapi/producers"
eduServerAPI "github.com/matrix-org/dendrite/eduserver/api" eduServerAPI "github.com/matrix-org/dendrite/eduserver/api"
@ -659,8 +660,9 @@ func Setup(
SearchString string `json:"search_term"` SearchString string `json:"search_term"`
Limit int `json:"limit"` Limit int `json:"limit"`
}{} }{}
if err := json.NewDecoder(req.Body).Decode(&postContent); err != nil {
return util.ErrorResponse(err) if resErr := clientutil.UnmarshalJSONRequest(req, &postContent); resErr != nil {
return *resErr
} }
return *SearchUserDirectory( return *SearchUserDirectory(
req.Context(), req.Context(),

View file

@ -477,5 +477,6 @@ Inbound federation rejects invite rejections which include invalid JSON for room
GET /capabilities is present and well formed for registered user GET /capabilities is present and well formed for registered user
m.room.history_visibility == "joined" allows/forbids appropriately for Guest users m.room.history_visibility == "joined" allows/forbids appropriately for Guest users
m.room.history_visibility == "joined" allows/forbids appropriately for Real users m.room.history_visibility == "joined" allows/forbids appropriately for Real users
POST rejects invalid utf-8 in JSON
Users cannot kick users who have already left a room Users cannot kick users who have already left a room
A prev_batch token from incremental sync can be used in the v1 messages API A prev_batch token from incremental sync can be used in the v1 messages API