This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

/createRoom: "UnicodeEncodeError" and Internal server error when having specific garbage in id_access_token of a 3pid invite #13512

Open
MTRNord opened this issue Aug 11, 2022 · 1 comment
Labels
A-Create-Room A-Validation 500 (mostly) errors due to lack of event/parameter validation O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.

Comments

MTRNord commented Aug 11, 2022

Description

When sending some unicode characters in a 3pid invite on /_matrix/client/v3/createRoom the server returns an "Internal server error".

Such an invalid invite can be: {"invite_3pid":[{"address":"localhost","id_access_token":"c��","id_server":"","medium":""}],"name":""}

Confusingly enough, the room actually will be created. However, no invite is issued.

Steps to reproduce

  • Send an invalid 3pid invite (see above for an example) to the createRoom endpoint.

Homeserver

localhost

Synapse Version

{"server_version":"1.64.0","python_version":"3.9.13"}

Installation Method

Docker (matrixdotorg/synapse)

Platform

Kubernetes with postgres and the official docker image

Relevant log output

2022-08-11 22:41:50,084 - synapse.http.client - 455 - INFO - POST-8133- Error sending request to  GET https:///_matrix/identity/v2/hash_details?access_token=<redacted>: ValueError invalid hostname: 
2022-08-11 22:41:50,084 - synapse.handlers.identity - 632 - WARNING - POST-8133- Error when looking up hashing details: invalid hostname: 
2022-08-11 22:41:50,088 - synapse.http.server - 183 - ERROR - POST-8133- Failed handle request via 'RoomCreateRestServlet': <XForwardedForRequest at 0x7f28acd01190 method='POST' uri='/_matrix/client/v3/createRoom' clientproto='HTTP/1.1' site='8008'>
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/twisted/internet/defer.py", line 1660, in _inlineCallbacks
    result = current_context.run(gen.send, result)
StopIteration: {('m.room.create', ''): '$5z43xevRXglYCpB0aEaT8kl_4jLMENhOIGHQGk4E3wE', ('m.room.join_rules', ''): '$4d4a3uZvsS-_7N9QPQjMV7to3svMroxwHDhFBZD-iww', ('m.room.name', ''): '$3KU_XxJUR0mQmOMe64WbSOcohDbBYo0rb7SR7gwKoJA', ('m.room.member', '@fuzzer:localhost'): '$h9EIRCWvHHGChajNL_BLQ5NIo27b6drGsU-YPocIQxU'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/synapse/http/server.py", line 366, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/usr/local/lib/python3.9/site-packages/synapse/http/server.py", line 572, in _async_render
    callback_return = await raw_callback_return
  File "/usr/local/lib/python3.9/site-packages/synapse/rest/client/room.py", line 91, in on_POST
    info, _ = await self._room_creation_handler.create_room(
  File "/usr/local/lib/python3.9/site-packages/synapse/handlers/room.py", line 990, in create_room
    ) = await self.hs.get_room_member_handler().do_3pid_invite(
  File "/usr/local/lib/python3.9/site-packages/synapse/handlers/room_member.py", line 1469, in do_3pid_invite
    event, stream_id = await self._make_and_store_3pid_invite(
  File "/usr/local/lib/python3.9/site-packages/synapse/handlers/room_member.py", line 1553, in _make_and_store_3pid_invite
    ) = await self.identity_handler.ask_id_server_for_third_party_invite(
  File "/usr/local/lib/python3.9/site-packages/synapse/handlers/identity.py", line 865, in ask_id_server_for_third_party_invite
    {"Authorization": create_id_access_token_header(id_access_token)},
  File "/usr/local/lib/python3.9/site-packages/synapse/handlers/identity.py", line 944, in create_id_access_token_header
    bearer_token.encode("ascii")
UnicodeEncodeError: 'ascii' codec can't encode characters in position 8-9: ordinal not in range(128)

Anything else that would be useful to know?

No response

@DMRobertson

https://www.rfc-editor.org/rfc/rfc6750.html#page-5 gives a grammar for bearer tokens. We could enforce this in Synapse, but I'm not sure if it's Synapse's job or the identity server's to enforce that.
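As an added illustration (not Synapse's code), the following Python reproduces the failing `"Bearer %s" % token` / `.encode("ascii")` construction from the traceback above and sets beside it a validator for the RFC 6750 `b64token` grammar that DMRobertson points to, so a malformed `id_access_token` becomes a client error instead of an unhandled exception. The sample token `"c\ufffd\ufffd"` is a constructed stand-in for the garbage bytes in the report; `handle_invite_token` is a hypothetical helper that models the two request outcomes.

```python
import re
from typing import Optional, Tuple

# RFC 6750 section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# At least one token character, then optional trailing "=" padding only.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class InvalidAccessToken(ValueError):
    """Raised when an id_access_token cannot be used as a bearer token."""


def is_rfc6750_b64token(token: str) -> bool:
    """True if token matches the RFC 6750 b64token grammar exactly."""
    return _B64TOKEN.fullmatch(token) is not None


def bearer_header_unchecked(token: str) -> bytes:
    # Mirrors the construction in the traceback: any non-ASCII character in the
    # token makes encode("ascii") raise UnicodeEncodeError, which the request
    # handler does not catch, hence the 500.
    return ("Bearer %s" % token).encode("ascii")


def bearer_header_checked(token: str) -> bytes:
    # Validate against the RFC grammar before encoding; because the grammar only
    # admits ASCII characters, encode("ascii") can no longer fail here.
    if not is_rfc6750_b64token(token):
        raise InvalidAccessToken("id_access_token is not a valid RFC 6750 bearer token")
    return ("Bearer %s" % token).encode("ascii")


def handle_invite_token(token: str, validate: bool = True) -> Tuple[int, Optional[bytes]]:
    """Hypothetical model of the request outcome as (HTTP status, header).

    validate=False reproduces the reported behaviour (500 on garbage);
    validate=True rejects malformed tokens with a 400 before any header is built.
    """
    try:
        header = bearer_header_checked(token) if validate else bearer_header_unchecked(token)
    except InvalidAccessToken:
        return 400, None
    except UnicodeEncodeError:
        return 500, None
    return 200, header


if __name__ == "__main__":
    garbage = "c\ufffd\ufffd"  # constructed stand-in for the token in the report
    print(handle_invite_token(garbage, validate=False))  # (500, None)
    print(handle_invite_token(garbage))                  # (400, None)
    print(handle_invite_token("abc123-._~+/=="))         # (200, b'Bearer abc123-._~+/==')
```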

@DMRobertson DMRobertson added A-Validation 500 (mostly) errors due to lack of event/parameter validation S-Tolerable Minor significance, cosmetic issues, low or no impact to users. P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. labels Aug 11, 2022
@babolivier babolivier added O-Uncommon Most users are unlikely to come across this or unexpected workflow and removed P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches labels Aug 24, 2022
@DMRobertson DMRobertson changed the title "UnicodeEncodeError" and Internal server error when having specific garbage in id_access_token of a 3pid invite /createRoom: "UnicodeEncodeError" and Internal server error when having specific garbage in id_access_token of a 3pid invite Oct 14, 2022