Fix use of unsanitised string in Errorf

richvdh · richvdh · commit 1d9fdd662645 · 2024-11-05T11:58:02.000Z
If the error message returned by the server contained a `%` character, `Errorf`
would attempt to interpolate it, causing a panic.
diff --git a/spec/matrixerror.go b/spec/matrixerror.go
@@ -15,6 +15,7 @@
 package spec
 
 import (
+	"errors"
 	"fmt"
 )
 
@@ -63,7 +64,7 @@ func (e MatrixError) Error() string {
 }
 
 func (e MatrixError) Unwrap() error {
-	return fmt.Errorf(e.Err)
+	return errors.New(e.Err)
 }
 
 // InternalServerError
@@ -231,7 +232,7 @@ func (e IncompatibleRoomVersionError) Error() string {
 }
 
 func (e IncompatibleRoomVersionError) Unwrap() error {
-	return fmt.Errorf(e.Err)
+	return errors.New(e.Err)
 }
 
 // IncompatibleRoomVersion is an error which is returned when the client
diff --git a/tokens/tokens_test.go b/tokens/tokens_test.go
@@ -61,17 +61,17 @@ func serializationTestError(err error) string {
 func TestSerialization(t *testing.T) {
 	fakeToken, err := GenerateLoginToken(validTokenOp)
 	if err != nil {
-		t.Errorf(serializationTestError(err))
+		t.Errorf("%s", serializationTestError(err))
 	}
 
 	fakeMacaroon, err := deSerializeMacaroon(fakeToken)
 	if err != nil {
-		t.Errorf(serializationTestError(err))
+		t.Errorf("%s", serializationTestError(err))
 	}
 
 	sameFakeToken, err := serializeMacaroon(fakeMacaroon)
 	if err != nil {
-		t.Errorf(serializationTestError(err))
+		t.Errorf("%s", serializationTestError(err))
 	}
 
 	if sameFakeToken != fakeToken {

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`package spec`
`16`	`16`
`17`	`17`	`import (`
	`18`	`+ "errors"`
`18`	`19`	`"fmt"`
`19`	`20`	`)`
`20`	`21`
`@@ -63,7 +64,7 @@ func (e MatrixError) Error() string {`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`func (e MatrixError) Unwrap() error {`
`66`		`- return fmt.Errorf(e.Err)`
	`67`	`+ return errors.New(e.Err)`
`67`	`68`	`}`
`68`	`69`
`69`	`70`	`// InternalServerError`
`@@ -231,7 +232,7 @@ func (e IncompatibleRoomVersionError) Error() string {`
`231`	`232`	`}`
`232`	`233`
`233`	`234`	`func (e IncompatibleRoomVersionError) Unwrap() error {`
`234`		`- return fmt.Errorf(e.Err)`
	`235`	`+ return errors.New(e.Err)`
`235`	`236`	`}`
`236`	`237`
`237`	`238`	`// IncompatibleRoomVersion is an error which is returned when the client`
Original file line number	Diff line number	Diff line change
`@@ -61,17 +61,17 @@ func serializationTestError(err error) string {`
`61`	`61`	`func TestSerialization(t *testing.T) {`
`62`	`62`	`fakeToken, err := GenerateLoginToken(validTokenOp)`
`63`	`63`	`if err != nil {`
`64`		`- t.Errorf(serializationTestError(err))`
	`64`	`+ t.Errorf("%s", serializationTestError(err))`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`fakeMacaroon, err := deSerializeMacaroon(fakeToken)`
`68`	`68`	`if err != nil {`
`69`		`- t.Errorf(serializationTestError(err))`
	`69`	`+ t.Errorf("%s", serializationTestError(err))`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`sameFakeToken, err := serializeMacaroon(fakeMacaroon)`
`73`	`73`	`if err != nil {`
`74`		`- t.Errorf(serializationTestError(err))`
	`74`	`+ t.Errorf("%s", serializationTestError(err))`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`if sameFakeToken != fakeToken {`