Merge pull request #5808 from matrix-org/erikj/parse_decode_error

Handle incorrectly encoded query params correctly
author: Erik Johnston <erik@matrix.org> 2019-08-01 13:48:10 +0100
committer: GitHub <noreply@github.com> 2019-08-01 13:48:10 +0100
commit: 3c076c79c585c3836c4e5933d86441aec0e3919d (patch)
tree: 94368e51c0a627797638277ef3509eaf1a0c2bcd
parent: Merge pull request #5805 from matrix-org/erikj/validate_state (diff)
parent: Newsfile (diff)
download: synapse-3c076c79c585c3836c4e5933d86441aec0e3919d.tar.xz
2 files changed, 7 insertions, 1 deletions
diff --git a/changelog.d/5808.misc b/changelog.d/5808.misc
new file mode 100644
index 0000000000..cac3fd34d1
--- /dev/null
+++ b/changelog.d/5808.misc
@@ -0,0 +1 @@
+Handle incorrectly encoded query params correctly by returning a 400.
diff --git a/synapse/http/servlet.py b/synapse/http/servlet.py
index f0ca7d9aba..fd07bf7b8e 100644
--- a/synapse/http/servlet.py
+++ b/synapse/http/servlet.py
@@ -166,7 +166,12 @@ def parse_string_from_args(
         value = args[name][0]
 
         if encoding:
-            value = value.decode(encoding)
+            try:
+                value = value.decode(encoding)
+            except ValueError:
+                raise SynapseError(
+                    400, "Query parameter %r must be %s" % (name, encoding)
+                )
 
         if allowed_values is not None and value not in allowed_values:
             message = "Query parameter %r must be one of [%s]" % (
author	Erik Johnston <erik@matrix.org>	2019-08-01 13:48:10 +0100
committer	GitHub <noreply@github.com>	2019-08-01 13:48:10 +0100
commit	3c076c79c585c3836c4e5933d86441aec0e3919d (patch)
tree	94368e51c0a627797638277ef3509eaf1a0c2bcd
parent	Merge pull request #5805 from matrix-org/erikj/validate_state (diff)
parent	Newsfile (diff)
download	synapse-3c076c79c585c3836c4e5933d86441aec0e3919d.tar.xz