Additional fixes for rejecting invalid JSON.

This augments #8106 to handle: * Cases where we use treq to decode JSON. * A bug in the exception that gets raised during invalid JSON handling.
matrix-org · Sep 10, 2020 · 1cad688 · 1cad688
1 parent 536f4a2
commit 1cad688
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
@@ -54,6 +54,7 @@
     start_active_span,
     tags,
 )
+from synapse.util import _reject_invalid_json
 from synapse.util.async_helpers import timeout_deferred
 from synapse.util.metrics import Measure
 
@@ -164,7 +165,8 @@ async def _handle_json_response(
     try:
         check_content_type_is_json(response.headers)
 
-        d = treq.json_content(response)
+        # Reject Python extensions to JSON.
+        d = treq.json_content(response, parse_constant=_reject_invalid_json)
         d = timeout_deferred(d, timeout=timeout_sec, reactor=reactor)
 
         body = await make_deferred_yieldable(d)

diff --git a/synapse/util/__init__.py b/synapse/util/__init__.py
@@ -28,7 +28,7 @@
 
 def _reject_invalid_json(val):
     """Do not allow Infinity, -Infinity, or NaN values in JSON."""
-    raise json.JSONDecodeError("Invalid JSON value: '%s'" % val)
+    raise ValueError("Invalid JSON value: '%s'" % val)
 
 
 # Create a custom encoder to reduce the whitespace produced by JSON encoding and