chris/ruwuma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

identifiers: Don't accept colons in user-id localparts, even in compat

Browse Source
This commit is contained in:
Jonas Platte 2023-02-07 20:54:30 +01:00
parent 9c65a7dcae
commit 3013ca0dc1
No known key found for this signature in database
GPG Key ID: AAA7A61F696C3E0C
3 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crates/ruma-common/CHANGELOG.md
View File

@ -1,5 +1,10 @@
# [unreleased] # [unreleased]
Bug fixes:
- Don't accept colons in the localpart given to `UserId::parse_with_servername`
even with `feature = "compat"`
Improvements: Improvements:
- Derive `Hash` for `ReceiptType` and `ReceiptThread` - Derive `Hash` for `ReceiptType` and `ReceiptThread`

5
crates/ruma-common/src/identifiers/user_id.rs
View File

@ -206,6 +206,11 @@ mod tests {
UserId::parse_arc(user_id).unwrap_err(); UserId::parse_arc(user_id).unwrap_err();
} }
#[test]
fn definitely_invalid_user_id() {
UserId::parse_with_server_name("a:b", server_name!("example.com")).unwrap_err();
}
#[test] #[test]
fn valid_historical_user_id() { fn valid_historical_user_id() {
let user_id = let user_id =

22
crates/ruma-identifiers-validation/src/user_id.rs
View File

@ -23,12 +23,22 @@ pub fn localpart_is_fully_conforming(localpart: &str) -> Result<bool, Error> {
.bytes() .bytes()
.all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'-' | b'.' | b'=' | b'_' | b'/')); .all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'-' | b'.' | b'=' | b'_' | b'/'));
// If it's not fully conforming, check if it contains characters that are also disallowed if !is_fully_conforming {
// for historical user IDs. If there are, return an error. // If it's not fully conforming, check if it contains characters that are also disallowed
// See https://spec.matrix.org/v1.4/appendices/#historical-user-ids // for historical user IDs. If there are, return an error.
#[cfg(not(feature = "compat"))] // See https://spec.matrix.org/v1.4/appendices/#historical-user-ids
if !is_fully_conforming && localpart.bytes().any(|b| b < 0x21 || b == b':' || b > 0x7E) { #[cfg(not(feature = "compat"))]
return Err(Error::InvalidCharacters); let is_invalid = localpart.bytes().any(|b| b < 0x21 || b == b':' || b > 0x7E);
// In compat mode, allow anything except `:` to match Synapse. The `:` check is only needed
// because this function can be called through `UserId::parse_with_servername`, otherwise
// it would be impossible for the input to contain a `:`.
#[cfg(feature = "compat")]
let is_invalid = localpart.as_bytes().contains(&b':');
if is_invalid {
return Err(Error::InvalidCharacters);
}
} }
Ok(is_fully_conforming) Ok(is_fully_conforming)