don't unwrap reqwest requests for appservice and pushers too

this is another denial of service vector, but less severe than the federation one. Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-10-28 22:34:09 -04:00
parent 8b95399387
commit 03af588efb
2 changed files with 2 additions and 4 deletions
--- a/src/api/appservice_server.rs
+++ b/src/api/appservice_server.rs
@@ -39,8 +39,7 @@ where
    );
    *http_request.uri_mut() = parts.try_into().expect("our manipulation is always valid");

-    let mut reqwest_request = reqwest::Request::try_from(http_request)
-        .expect("all http requests are valid reqwest requests");
+    let mut reqwest_request = reqwest::Request::try_from(http_request)?;

    *reqwest_request.timeout_mut() = Some(Duration::from_secs(30));