authorShay <hillerys@element.io>2022-04-13 10:04:01 -0700
committerGitHub <noreply@github.com>2022-04-13 10:04:01 -0700
commit8e2759f2d86d68fa621ba51ae73171e25fe9510d (patch)
tree25c0789573598c89c9c7c58e78892bd24eeaffa3 /synapse/rest/client/login.py
parentdocs: Don't render the table of contents on the print page (#12340) (diff)
Limit `device_id` size to 512B (#12454)
*
Diffstat (limited to 'synapse/rest/client/login.py')
-rw-r--r--synapse/rest/client/login.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index c9d44c5964..4a4dbe75de 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -342,6 +342,15 @@ class LoginRestServlet(RestServlet):
             user_id = canonical_uid
 
         device_id = login_submission.get("device_id")
+
+        # If device_id is present, check that device_id is not longer than a reasonable 512 characters
+        if device_id and len(device_id) > 512:
+            raise LoginError(
+                400,
+                "device_id cannot be longer than 512 characters.",
+                errcode=Codes.INVALID_PARAM,
+            )
+
         initial_display_name = login_submission.get("initial_device_display_name")
         (
             device_id,
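Review bot: The new guard `if device_id and len(device_id) > 512` calls `len()` on a value read straight from the client-supplied `login_submission`, so a non-string `device_id` is not rejected by it: a JSON number would raise `TypeError` (probably surfacing as a 500 rather than a 400), and a list or object would be measured by element count. Unless the type is validated outside this hunk, put `if device_id is not None and not isinstance(device_id, str):` ahead of the length test and raise the same `LoginError(400, ..., errcode=Codes.INVALID_PARAM)` for it. The commit title says 512B, but `len()` on a `str` counts code points, so a multi-byte identifier can occupy several times 512 bytes once encoded; if the limit is meant to bound storage or index size, measure the UTF-8 encoded length, otherwise keep the check and state the unit consistently in the title, comment and message. The enclosing method starts and ends outside the hunk, so any earlier validation of `login_submission` is not visible here.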