From a7513cef7f46a8756fb71cf3fe903f65000de9b2 Mon Sep 17 00:00:00 2001
From: Matthias Ahouansou
Date: Fri, 25 Jul 2025 19:11:04 +0100
Subject: [PATCH] fix: some edge-cases causing panics

- if servers don't send signatures, it could cause a panic
- clients sending invalid or non-canonical json could cause a panic
---
 src/service/rooms/helpers/mod.rs | 20 ++++++++++----------
 src/service/rooms/timeline/mod.rs | 5 +++--
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/src/service/rooms/helpers/mod.rs b/src/service/rooms/helpers/mod.rs
index 08f65039..556871aa 100644
--- a/src/service/rooms/helpers/mod.rs
+++ b/src/service/rooms/helpers/mod.rs
@@ -141,17 +141,17 @@ impl Service {
 ));
 }

- match signed_value["signatures"]
- .as_object()
- .ok_or(Error::BadRequest(
- ErrorKind::InvalidParam,
- "Server sent invalid signatures type",
- ))
+ match signed_value
+ .get("signatures")
+ .ok_or("server did not return any signatures")
+ .and_then(|signatures| {
+ signatures
+ .as_object()
+ .ok_or("Server sent invalid signatures type")
+ })
 .and_then(|e| {
- e.get(remote_server.as_str()).ok_or(Error::BadRequest(
- ErrorKind::InvalidParam,
- "Server did not send its signature",
- ))
+ e.get(remote_server.as_str())
+ .ok_or("Server did not send its signature")
 }) {
 Ok(signature) => {
 join_event
diff --git a/src/service/rooms/timeline/mod.rs b/src/service/rooms/timeline/mod.rs
index e9975879..5a4dc3f7 100644
--- a/src/service/rooms/timeline/mod.rs
+++ b/src/service/rooms/timeline/mod.rs
@@ -783,8 +783,9 @@ impl Service {
 }

 // Hash and sign
- let mut pdu_json =
- utils::to_canonical_object(&pdu).expect("event is valid, we just created it");
+ let mut pdu_json = utils::to_canonical_object(&pdu).map_err(|_| {
+ Error::BadRequest(ErrorKind::InvalidParam, "Event content provided is invalid")
+ })?;
 pdu_json.remove("event_id");
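Review bot: In src/service/rooms/helpers/mod.rs the new chain on `signed_value` checks only that a `signatures` entry exists, is an object, and has a key for `remote_server`; the value under that key is accepted whatever its JSON type. Since this is data returned by a remote server, I would reject a non-object entry in the same chain, e.g. `e.get(remote_server.as_str()).filter(|sig| sig.as_object().is_some()).ok_or("Server did not send its signature")`. The `Ok(signature)` arm continues past the end of the hunk into `join_event`, so whether the value is validated or cryptographically verified before it is used cannot be seen from here; if it is, a one-line comment at the match saying where would help the next reader. Minor: the first message is lowercase (`"server did not return any signatures"`) while the other two are capitalised, and the closure parameter `e` holds the signatures map, so a name like `server_signatures` would read better.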