Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Synapse allows invalid characters in the signature key id #8307

Open
Open
Synapse allows invalid characters in the signature key id#8307
Labels
A-Spec-Complianceplaces where synapse does not conform to the specA-Validation500 (mostly) errors due to lack of event/parameter validationS-MinorBlocks non-critical functionality, workarounds exist.S-TolerableMinor significance, cosmetic issues, low or no impact to users.T-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.Z-CleanupThings we want to get rid of, but aren't actively causing pain
Milestone
Validate data passed to REST endpoints
@timokoesters

Description

@timokoesters
timokoesters
opened on Sep 13, 2020

Synapse seems to accept more characters in the signature key id than the spec allows (for example +).

In Matrix HQ there's an event with signatures like this:

        "signatures": {
            "solver.nu": {
                "ed25519:i+b2": "eodPQHXrns8Jk0XITTlaB61XdjxJW8uCi7paKqgrJmA5ok0NfsRw4Zhyx9RaIs/e7tZMJ29O46oh0IRx6jwZCQ"
            }
        }

But the spec says only [a-zA-Z0-9_] is allowed (https://matrix.org/docs/spec/server_server/r0.1.4#post-matrix-key-v2-query)

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-Spec-Complianceplaces where synapse does not conform to the specA-Validation500 (mostly) errors due to lack of event/parameter validationS-MinorBlocks non-critical functionality, workarounds exist.S-TolerableMinor significance, cosmetic issues, low or no impact to users.T-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.Z-CleanupThings we want to get rid of, but aren't actively causing pain

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions