From 76b18df3d95cd881017a9aa5c8473409928faecd Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 6 Jul 2016 11:16:10 +0100
Subject: [PATCH] Check that there are no null bytes in user and passsword

---
 synapse/rest/client/v1/register.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/synapse/rest/client/v1/register.py b/synapse/rest/client/v1/register.py
index 83872f5f6..ce7099b18 100644
--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@@ -327,6 +327,12 @@ class RegisterRestServlet(ClientV1RestServlet):
         password = register_json["password"].encode("utf-8")
         admin = register_json.get("admin", None)
 
+        # Its important to check as we use null bytes as HMAC field separators
+        if "\x00" in user:
+            raise SynapseError(400, "Invalid user")
+        if "\x00" in password:
+            raise SynapseError(400, "Invalid password")
+
         # str() because otherwise hmac complains that 'unicode' does not
         # have the buffer interface
         got_mac = str(register_json["mac"])