mirror of
https://github.com/matrix-org/matrix-spec
synced 2025-12-20 16:38:37 +01:00
The server-name segment of MXC URIs is sanitised differently from the media-id segment (#2217)
Some checks failed
Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled
Spec / 🔎 Check Event schema examples (push) Has been cancelled
Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled
Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled
Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled
Spec / 📢 Run towncrier for changelog (push) Has been cancelled
Spell Check / Spell Check with Typos (push) Has been cancelled
Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled
Spec / 📖 Build the spec (push) Has been cancelled
Spec / 🔎 Validate generated HTML (push) Has been cancelled
Spec / 📖 Build the historical backup spec (push) Has been cancelled
Some checks failed
Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled
Spec / 🔎 Check Event schema examples (push) Has been cancelled
Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled
Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled
Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled
Spec / 📢 Run towncrier for changelog (push) Has been cancelled
Spell Check / Spell Check with Typos (push) Has been cancelled
Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled
Spec / 📖 Build the spec (push) Has been cancelled
Spec / 🔎 Validate generated HTML (push) Has been cancelled
Spec / 📖 Build the historical backup spec (push) Has been cancelled
Fixes: #1990 Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
This commit is contained in:
Johannes Marbach
GitHub
parent
21109b4d5b
commit
d8be2ad942
|
|
@ -0,0 +1 @@
|
||||||
|
The `server-name` segment of MXC URIs is sanitised differently from the `media-id` segment.
|
||||||
|
|
@ -134,9 +134,14 @@ entity isn't in the room.
|
||||||
`mxc://` URIs are vulnerable to directory traversal attacks such as
|
`mxc://` URIs are vulnerable to directory traversal attacks such as
|
||||||
`mxc://127.0.0.1/../../../some_service/etc/passwd`. This would cause the
|
`mxc://127.0.0.1/../../../some_service/etc/passwd`. This would cause the
|
||||||
target homeserver to try to access and return this file. As such,
|
target homeserver to try to access and return this file. As such,
|
||||||
homeservers MUST sanitise `mxc://` URIs by allowing only alphanumeric
|
homeservers MUST sanitise `mxc://` URIs by:
|
||||||
(`A-Za-z0-9`), `_` and `-` characters in the `server-name` and
|
|
||||||
`media-id` values. This set of whitelisted characters allows URL-safe
|
- restricting the `server-name` segment to valid
|
||||||
|
[server names](/appendices/#server-name)
|
||||||
|
- allowing only alphanumeric (`A-Za-z0-9`), `_` and `-` characters in
|
||||||
|
the `media-id` segment
|
||||||
|
|
||||||
|
The resulting set of whitelisted characters allows URL-safe
|
||||||
base64 encodings specified in RFC 4648. Applying this character
|
base64 encodings specified in RFC 4648. Applying this character
|
||||||
whitelist is preferable to blacklisting `.` and `/` as there are
|
whitelist is preferable to blacklisting `.` and `/` as there are
|
||||||
techniques around blacklisted characters (percent-encoded characters,
|
techniques around blacklisted characters (percent-encoded characters,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue