From d54909956ef616d976b3d9969be994df5b65030a Mon Sep 17 00:00:00 2001
From: santhoshivan23 <47689668+santhoshivan23@users.noreply.github.com>
Date: Wed, 22 Jun 2022 20:02:18 +0530
Subject: validate room alias before interacting with the room directory
 (#13106)

---
 changelog.d/13106.bugfix            |  1 +
 synapse/rest/client/directory.py    |  6 ++++++
 tests/rest/client/test_directory.py | 13 +++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 changelog.d/13106.bugfix

diff --git a/changelog.d/13106.bugfix b/changelog.d/13106.bugfix
new file mode 100644
index 0000000000..0dc16bad08
--- /dev/null
+++ b/changelog.d/13106.bugfix
@@ -0,0 +1 @@
+Fix a long-standing bug where room directory requests would cause an internal server error if given a malformed room alias.
\ No newline at end of file
diff --git a/synapse/rest/client/directory.py b/synapse/rest/client/directory.py
index 9639d4fe2c..d6c89cb162 100644
--- a/synapse/rest/client/directory.py
+++ b/synapse/rest/client/directory.py
@@ -46,6 +46,8 @@ class ClientDirectoryServer(RestServlet):
         self.auth = hs.get_auth()
 
     async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
 
         res = await self.directory_handler.get_association(room_alias_obj)
@@ -55,6 +57,8 @@ class ClientDirectoryServer(RestServlet):
     async def on_PUT(
         self, request: SynapseRequest, room_alias: str
     ) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
 
         content = parse_json_object_from_request(request)
@@ -89,6 +93,8 @@ class ClientDirectoryServer(RestServlet):
     async def on_DELETE(
         self, request: SynapseRequest, room_alias: str
     ) -> Tuple[int, JsonDict]:
+        if not RoomAlias.is_valid(room_alias):
+            raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
         room_alias_obj = RoomAlias.from_string(room_alias)
         requester = await self.auth.get_user_by_req(request)
 
diff --git a/tests/rest/client/test_directory.py b/tests/rest/client/test_directory.py
index 67473a68d7..16e7ef41bc 100644
--- a/tests/rest/client/test_directory.py
+++ b/tests/rest/client/test_directory.py
@@ -215,6 +215,19 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
         self.assertEqual(channel.code, expected_code, channel.result)
         return alias
 
+    def test_invalid_alias(self) -> None:
+        alias = "#potato"
+        channel = self.make_request(
+            "GET",
+            f"/_matrix/client/r0/directory/room/{alias}",
+            access_token=self.user_tok,
+        )
+        self.assertEqual(channel.code, HTTPStatus.BAD_REQUEST, channel.result)
+        self.assertIn("error", channel.json_body, channel.json_body)
+        self.assertEqual(
+            channel.json_body["errcode"], "M_INVALID_PARAM", channel.json_body
+        )
+
     def random_alias(self, length: int) -> str:
         return RoomAlias(random_string(length), self.hs.hostname).to_string()
 
-- 
cgit 1.4.1