oss/conduit
oss/conduit
1
0
Fork 0
mirror of https://gitlab.com/famedly/conduit.git synced 2025-08-11 17:50:59 +00:00
Code Wiki Activity

fix: some edge-cases causing panics

Browse source 
- if servers don't send signatures, it could cause a panic
- clients sending invalid or non-canonical json could cause a panic
This commit is contained in:
Matthias Ahouansou 2025-07-25 19:11:04 +01:00
parent ed5b0514f5
commit a7513cef7f
No known key found for this signature in database
2 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/service/rooms/helpers/mod.rs
View file

@ -141,17 +141,17 @@ impl Service {
)); ));
} }
match signed_value["signatures"] match signed_value
.get("signatures")
.ok_or("server did not return any signatures")
.and_then(|signatures| {
signatures
.as_object() .as_object()
.ok_or(Error::BadRequest( .ok_or("Server sent invalid signatures type")
ErrorKind::InvalidParam, })
"Server sent invalid signatures type",
))
.and_then(|e| { .and_then(|e| {
e.get(remote_server.as_str()).ok_or(Error::BadRequest( e.get(remote_server.as_str())
ErrorKind::InvalidParam, .ok_or("Server did not send its signature")
"Server did not send its signature",
))
}) { }) {
Ok(signature) => { Ok(signature) => {
join_event join_event

5
src/service/rooms/timeline/mod.rs
View file

@ -783,8 +783,9 @@ impl Service {
} }
// Hash and sign // Hash and sign
let mut pdu_json = let mut pdu_json = utils::to_canonical_object(&pdu).map_err(|_| {
utils::to_canonical_object(&pdu).expect("event is valid, we just created it"); Error::BadRequest(ErrorKind::InvalidParam, "Event content provided is invalid")
})?;
pdu_json.remove("event_id"); pdu_json.remove("event_id");