Fail sig verification unless returned valid_until_ts is an integer.
When fetching a remote homeserver key, the field `valid_until_ts` must
be an integer if it is returned.
dkasak committed Mar 31, 2021
1 parent 29e7f4f commit 07e6da7
Showing 2 changed files with 6 additions and 2 deletions.
7 changes: 6 additions & 1 deletion sydent/hs_federation/verifier.py
Expand Up @@ -78,13 +78,18 @@ def _getKeysForServer(self, server_name):

client = FederationHttpClient(self.sydent)
result = yield client.get_json("matrix://%s/_matrix/key/v2/server/" % server_name, 1024 * 50)

if 'verify_keys' not in result:
raise SignatureVerifyException("No key found in response")

if 'valid_until_ts' in result:
if not isinstance(result['valid_until_ts'], int):
raise SignatureVerifyException("Invalid valid_until_ts received, must be an integer")

# Don't cache anything without a valid_until_ts or we wouldn't
# know when to expire it.
logger.info("Got keys for %s: caching until %s", server_name, result['valid_until_ts'])

logger.info("Got keys for %s: caching until %d", server_name, result['valid_until_ts'])
self.cache[server_name] = result

defer.returnValue(result['verify_keys'])
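Review bot: The new `isinstance(result['valid_until_ts'], int)` check still accepts JSON `true`/`false`, because `bool` is a subclass of `int` in Python, and it puts no bound on the value, so a negative or already-past timestamp from the remote server is cached like any other. I would bind `ts = result['valid_until_ts']` and test `if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:` before raising the same `SignatureVerifyException`. Whether an expired value is rejected when the cache is read cannot be seen here, since `_getKeysForServer` starts above the hunk and the cache lookup is outside it; if it is not, a comparison against the current time belongs just before `self.cache[server_name] = result`. The blank line that now separates the "Don't cache anything…" comment from the `logger.info` call it explains could also be dropped.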
1 change: 0 additions & 1 deletion sydent/http/servlets/termsservlet.py
Expand Up @@ -80,4 +80,3 @@ def render_POST(self, request):
def render_OPTIONS(self, request):
send_cors(request)
return b''
