matrix-org/synapse

M_UNAUTHORIZED if 'Authorization' header value contains optional whitespace for federation requests (SYN-437)

Open

#1350 opened on 14 Jul 2015

Labels: A-Spec-Compliance, O-Uncommon, S-Tolerable, T-Defect, good first issue

Description

It's a little unclear from the spec, but I believe the intention is that the federation Authorization header is supposed to follow RFC7235 format. To quote:

    Authorization = credentials

    credentials = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param )
                  *( OWS "," [ OWS auth-param ] ) ] ) ]

The OWS parts in there suggest that "optional whitespace" is allowed between comma-separated auth-param components.

However, while synapse is happy with

Authorization: X-Matrix origin="localhost:33515",key="ed25519:1",sig="hNMLqNd1T+JUVc53JxpRUtV8uTeAFiz/H8ewf5BffPz4Pem3EiIOq7L06B3fNHmWrW+ZVBkdG1tGEU9Fyl+lAA"

it breaks with

Authorization: X-Matrix origin="localhost:48078", key="ed25519:1", sig="24xkXS8iJE9dCdU5j0GRym4eps+vzUYvYaPosjdjU/G2etNQGVc1erInpmjJJHlJoJu1GDb8H3JzXQga47oADg"

In the latter case, the resulting error message is:

400 Bad Request
{"errcode":"M_UNAUTHORIZED","error":"Malformed Authorization header"}

(Imported from https://matrix.org/jira/browse/SYN-437)

(Reported by @leonerd)
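
A whitespace-tolerant parse of the header value, as an added example that is not part of the original report and is not Synapse's code: `parse_x_matrix` accepts optional whitespace around the commas while still rejecting duplicate or missing parameters, and the hypothetical `parse_naive` shows how splitting on bare commas produces the reported failure. The function names are assumptions, the two header values are the ones quoted in the report, and empty list elements (which the RFC grammar permits) are deliberately rejected.

```python
import re

# token per RFC 7230; auth-param = token BWS "=" BWS ( token / quoted-string ).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = re.compile(
    r'[ \t]*(' + _TOKEN + r')[ \t]*=[ \t]*'
    r'(?:"((?:[^"\\]|\\.)*)"|(' + _TOKEN + r'))[ \t]*'
)
REQUIRED = ("origin", "key", "sig")

# The two header values quoted in the report (compact form, then spaced form).
COMPACT = 'X-Matrix origin="localhost:33515",key="ed25519:1",sig="hNMLqNd1T+JUVc53JxpRUtV8uTeAFiz/H8ewf5BffPz4Pem3EiIOq7L06B3fNHmWrW+ZVBkdG1tGEU9Fyl+lAA"'
SPACED = 'X-Matrix origin="localhost:48078", key="ed25519:1", sig="24xkXS8iJE9dCdU5j0GRym4eps+vzUYvYaPosjdjU/G2etNQGVc1erInpmjJJHlJoJu1GDb8H3JzXQga47oADg"'


def parse_naive(value):
    """Hypothetical whitespace-intolerant parser (assumption, not Synapse's code)."""
    scheme, _, rest = value.partition(" ")
    params = dict(kv.split("=", 1) for kv in rest.split(",") if "=" in kv)
    if scheme != "X-Matrix" or any(k not in params for k in REQUIRED):
        raise ValueError("Malformed Authorization header")
    return {k: params[k].strip('"') for k in REQUIRED}


def parse_x_matrix(value):
    """Parse X-Matrix credentials, allowing OWS around the commas."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "x-matrix":  # auth-scheme is case-insensitive
        raise ValueError("Malformed Authorization header")
    params, pos = {}, 0
    while True:
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("Malformed Authorization header")
        name = m.group(1).lower()
        if name in params:
            # Ambiguous input: never let a later value silently win.
            raise ValueError("Duplicate auth-param: " + name)
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[name] = re.sub(r"\\(.)", r"\1", raw)  # undo quoted-pair escapes
        pos = m.end()
        if pos == len(rest):
            break
        if rest[pos] != ",":
            raise ValueError("Malformed Authorization header")
        pos += 1
    if any(k not in params for k in REQUIRED):
        raise ValueError("Malformed Authorization header")
    return {k: params[k] for k in REQUIRED}
```

Both forms of the header yield the same three fields before any signature check runs, so tolerating the whitespace does not change what is verified.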
