From df4963548b8f9bf9e36e76558864f7045d7b5215 Mon Sep 17 00:00:00 2001 From: reivilibre Date: Wed, 18 May 2022 11:46:06 +0000 Subject: Give a meaningful error message when a client tries to create a room with an invalid alias localpart. (#12779) --- synapse/handlers/directory.py | 3 +++ synapse/handlers/room.py | 15 +++++++++++++++ 2 files changed, 18 insertions(+) (limited to 'synapse') diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py index 33d827a45b..4aa33df884 100644 --- a/synapse/handlers/directory.py +++ b/synapse/handlers/directory.py @@ -71,6 +71,9 @@ class DirectoryHandler: if wchar in room_alias.localpart: raise SynapseError(400, "Invalid characters in room alias") + if ":" in room_alias.localpart: + raise SynapseError(400, "Invalid character in room alias localpart: ':'.") + if not self.hs.is_mine(room_alias): raise SynapseError(400, "Room alias must be local") # TODO(erikj): Change this. diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py index a2973109ad..53569e5212 100644 --- a/synapse/handlers/room.py +++ b/synapse/handlers/room.py @@ -751,6 +751,21 @@ class RoomCreationHandler: if wchar in config["room_alias_name"]: raise SynapseError(400, "Invalid characters in room alias") + if ":" in config["room_alias_name"]: + # Prevent someone from trying to pass in a full alias here. + # Note that it's permissible for a room alias to have multiple + # hash symbols at the start (notably bridged over from IRC, too), + # but the first colon in the alias is defined to separate the local + # part from the server name. + # (remember server names can contain port numbers, also separated + # by a colon. But under no circumstances should the local part be + # allowed to contain a colon!) + raise SynapseError( + 400, + "':' is not permitted in the room alias name. " + "Please note this expects a local part — 'wombat', not '#wombat:example.com'.", + ) + room_alias = RoomAlias(config["room_alias_name"], self.hs.hostname) mapping = await self.store.get_association_from_room_alias(room_alias) -- cgit 1.4.1