Add max size for other HTTP calls.

matrix-org · Mar 17, 2021 · f56eee3 · f56eee3
1 parent 0523511
commit f56eee3
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/sydent/hs_federation/verifier.py b/sydent/hs_federation/verifier.py
@@ -69,7 +69,7 @@ def _getKeysForServer(self, server_name):
                 defer.returnValue(self.cache[server_name]['verify_keys'])
 
         client = FederationHttpClient(self.sydent)
-        result = yield client.get_json("matrix://%s/_matrix/key/v2/server/" % server_name)
+        result = yield client.get_json("matrix://%s/_matrix/key/v2/server/" % server_name, 1024 * 50)
         if 'verify_keys' not in result:
             raise SignatureVerifyException("No key found in response")
 

diff --git a/sydent/http/httpclient.py b/sydent/http/httpclient.py
@@ -25,6 +25,7 @@
 from sydent.http.matrixfederationagent import MatrixFederationAgent
 
 from sydent.http.federation_tls_options import ClientTLSOptionsFactory
+from sydent.http.httpcommon import BodyExceededMaxSize, read_body_with_max_size
 
 logger = logging.getLogger(__name__)
 
@@ -34,12 +35,15 @@ class HTTPClient(object):
     requests.
     """
     @defer.inlineCallbacks
-    def get_json(self, uri):
+    def get_json(self, uri, max_size = None):
         """Make a GET request to an endpoint returning JSON and parse result
 
         :param uri: The URI to make a GET request to.
         :type uri: unicode
 
+        :param max_size: The maximum size (in bytes) to allow as a response.
+        :type max_size: int
+
         :return: A deferred containing JSON parsed into a Python object.
         :rtype: twisted.internet.defer.Deferred[dict[any, any]]
         """
@@ -49,7 +53,7 @@ def get_json(self, uri):
             b"GET",
             uri.encode("utf8"),
         )
-        body = yield readBody(response)
+        body = yield read_body_with_max_size(response, max_size)
         try:
             # json.loads doesn't allow bytes in Python 3.5
             json_body = json.loads(body.decode("UTF-8"))
@@ -94,7 +98,11 @@ def post_json_get_nothing(self, uri, post_json, opts):
         # Ensure the body object is read otherwise we'll leak HTTP connections
         # as per
         # https://twistedmatrix.com/documents/current/web/howto/client.html
-        yield readBody(response)
+        try:
+            # TODO Will this cause the server to think the request was a failure?
+            yield read_body_with_max_size(response, 0)
+        except BodyExceededMaxSize:
+            pass
 
         defer.returnValue(response)
 

diff --git a/sydent/http/servlets/registerservlet.py b/sydent/http/servlets/registerservlet.py
@@ -51,6 +51,7 @@ def render_POST(self, request):
             "matrix://%s/_matrix/federation/v1/openid/userinfo?access_token=%s" % (
                 args['matrix_server_name'], urllib.parse.quote(args['access_token']),
             ),
+            1024 * 5,
         )
         if 'sub' not in result:
             raise Exception("Invalid response from homeserver")