Validate federation destinations and log an error if server name is i…

…nvalid. (#13318)
matrix-org · Jul 20, 2022 · a1b62af · a1b62af
1 parent d399504
commit a1b62af
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/changelog.d/13318.misc b/changelog.d/13318.misc
@@ -0,0 +1 @@
+Validate federation destinations and log an error if a destination is invalid.
diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
@@ -79,6 +79,7 @@
 from synapse.util import json_decoder
 from synapse.util.async_helpers import AwakenableSleeper, timeout_deferred
 from synapse.util.metrics import Measure
+from synapse.util.stringutils import parse_and_validate_server_name
 
 if TYPE_CHECKING:
     from synapse.server import HomeServer
@@ -479,6 +480,14 @@ async def _send_request(
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
+        # Validate server name and log if it is an invalid destination, this is
+        # partially to help track down code paths where we haven't validated before here
+        try:
+            parse_and_validate_server_name(request.destination)
+        except ValueError:
+            logger.exception(f"Invalid destination: {request.destination}.")
+            raise FederationDeniedError(request.destination)
+
         if timeout:
             _sec_timeout = timeout / 1000
         else:

diff --git a/tests/federation/test_federation_client.py b/tests/federation/test_federation_client.py
@@ -102,7 +102,7 @@ def test_get_room_state(self):
         # now fire off the request
         state_resp, auth_resp = self.get_success(
             self.hs.get_federation_client().get_room_state(
-                "yet_another_server",
+                "yet.another.server",
                 test_room_id,
                 "event_id",
                 RoomVersions.V9,
@@ -112,7 +112,7 @@ def test_get_room_state(self):
         # check the right call got made to the agent
         self._mock_agent.request.assert_called_once_with(
             b"GET",
-            b"matrix://yet_another_server/_matrix/federation/v1/state/%21room_id?event_id=event_id",
+            b"matrix://yet.another.server/_matrix/federation/v1/state/%21room_id?event_id=event_id",
             headers=mock.ANY,
             bodyProducer=None,
         )