M_UNAUTHORIZED if 'Authorization' header value contains optional whitespace for federation requests (SYN-437) #1350

Closed
matrixbot opened this issue Dec 15, 2023 · 0 comments · Fixed by #17145
Labels
A-Spec-Compliance, good first issue, O-Uncommon, S-Tolerable, T-Defect

matrixbot commented Dec 15, 2023

This issue has been migrated from #1350.


It's a little unclear from the spec, but I believe the intention is that the federation Authorization header is supposed to follow RFC7235 format. To quote:

    Authorization = credentials

    credentials = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param )
                  *( OWS "," [ OWS auth-param ] ) ] ) ]

The OWS parts in there suggest that "optional whitespace" is allowed between comma-separated auth-param components.

However, while synapse is happy with

    Authorization: X-Matrix origin="localhost:33515",key="ed25519:1",sig="hNMLqNd1T+JUVc53JxpRUtV8uTeAFiz/H8ewf5BffPz4Pem3EiIOq7L06B3fNHmWrW+ZVBkdG1tGEU9Fyl+lAA"

it breaks with

    Authorization: X-Matrix origin="localhost:48078", key="ed25519:1", sig="24xkXS8iJE9dCdU5j0GRym4eps+vzUYvYaPosjdjU/G2etNQGVc1erInpmjJJHlJoJu1GDb8H3JzXQga47oADg"

In the latter case, the resulting error message is:

    400 Bad Request
    {"errcode":"M_UNAUTHORIZED","error":"Malformed Authorization header"}

(Imported from https://matrix.org/jira/browse/SYN-437)

(Reported by @leonerd)
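
An added example, not Synapse's code and not the fix merged for this issue: a Python parser for the `X-Matrix` header value that accepts the optional whitespace RFC 7235 allows around each comma-separated auth-param. The names `parse_x_matrix` and `MalformedAuthorization` are hypothetical, and rejecting duplicate parameters and empty list elements is an assumption that is stricter than the quoted grammar.

```python
import re

# RFC 7230 token characters; OWS/BWS is a run of spaces or horizontal tabs.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# One auth-param: OWS token BWS "=" BWS ( quoted-string / token ) OWS
PARAM = re.compile(
    rf'[ \t]*({TOKEN})[ \t]*=[ \t]*(?:"((?:[^"\\]|\\.)*)"|({TOKEN}))[ \t]*'
)

# Header values copied from the issue: without and with OWS after each comma.
TIGHT = ('X-Matrix origin="localhost:33515",key="ed25519:1",sig="hNMLqNd1T+JUVc'
         '53JxpRUtV8uTeAFiz/H8ewf5BffPz4Pem3EiIOq7L06B3fNHmWrW+ZVBkdG1tGEU9Fyl+lAA"')
SPACED = ('X-Matrix origin="localhost:48078", key="ed25519:1", sig="24xkXS8iJE9d'
          'CdU5j0GRym4eps+vzUYvYaPosjdjU/G2etNQGVc1erInpmjJJHlJoJu1GDb8H3JzXQga47oADg"')


class MalformedAuthorization(ValueError):
    """Raised for any header value this example parser refuses."""


def parse_x_matrix(header: str) -> dict:
    """Return the auth-params of an X-Matrix header value as a dict."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "x-matrix" or not rest.strip():
        raise MalformedAuthorization("expected 'X-Matrix' plus auth-params")
    params, pos = {}, 0
    while True:
        m = PARAM.match(rest, pos)
        if m is None:  # also catches empty list elements such as ",,"
            raise MalformedAuthorization(f"bad auth-param at offset {pos}")
        name = m.group(1).lower()  # parameter names are case-insensitive
        if name in params:  # assumption: duplicates are ambiguous, so refuse
            raise MalformedAuthorization(f"duplicate parameter {name!r}")
        quoted, bare = m.group(2), m.group(3)
        # Undo quoted-pair escapes only for quoted-string values.
        params[name] = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        pos = m.end()
        if pos == len(rest):
            break
        if rest[pos] != ",":  # anything other than a comma between params
            raise MalformedAuthorization(f"expected ',' at offset {pos}")
        pos += 1
    missing = {"origin", "key", "sig"} - params.keys()
    if missing:
        raise MalformedAuthorization(f"missing {sorted(missing)}")
    return params
```

Both header forms from the issue parse to the same three fields, so the signature check that follows sees identical input regardless of spacing.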

matrixbot changed the title from "Dummy issue" to "M_UNAUTHORIZED if 'Authorization' header value contains optional whitespace for federation requests (SYN-437)" Dec 21, 2023
matrixbot added the A-Spec-Compliance, good first issue, S-Tolerable, O-Uncommon, T-Defect labels Dec 21, 2023
matrixbot reopened this Dec 21, 2023
Timshel added a commit to Timshel/synapse that referenced this issue May 2, 2024
Timshel added a commit to Timshel/synapse that referenced this issue May 7, 2024
Timshel added a commit to Timshel/synapse that referenced this issue May 7, 2024
Timshel added a commit to Timshel/synapse that referenced this issue May 8, 2024
anoadragon453 added a commit that referenced this issue May 8, 2024
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>