From 03af588efbbffe7caaa223c555db2f900859fe8e Mon Sep 17 00:00:00 2001 From: girlbossceo Date: Sat, 28 Oct 2023 22:34:09 -0400 Subject: [PATCH] don't unwrap reqwest requests for appservice and pushers too this is another denial of service vector, but less severe than the federation one. Signed-off-by: girlbossceo --- src/api/appservice_server.rs | 3 +-- src/service/pusher/mod.rs | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/api/appservice_server.rs b/src/api/appservice_server.rs index 082a1bc2..6ea4330f 100644 --- a/src/api/appservice_server.rs +++ b/src/api/appservice_server.rs @@ -39,8 +39,7 @@ where ); *http_request.uri_mut() = parts.try_into().expect("our manipulation is always valid"); - let mut reqwest_request = reqwest::Request::try_from(http_request) - .expect("all http requests are valid reqwest requests"); + let mut reqwest_request = reqwest::Request::try_from(http_request)?; *reqwest_request.timeout_mut() = Some(Duration::from_secs(30)); diff --git a/src/service/pusher/mod.rs b/src/service/pusher/mod.rs index 249ee460..b0dbbe9e 100644 --- a/src/service/pusher/mod.rs +++ b/src/service/pusher/mod.rs @@ -66,8 +66,7 @@ impl Service { })? .map(|body| body.freeze()); - let reqwest_request = reqwest::Request::try_from(http_request) - .expect("all http requests are valid reqwest requests"); + let reqwest_request = reqwest::Request::try_from(http_request)?; // TODO: we could keep this very short and let expo backoff do it's thing... //*reqwest_request.timeout_mut() = Some(Duration::from_secs(5));