Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Sanity-check the rooms of auth events before pulling them in. #6472

Merged
merged 3 commits into from
Dec 5, 2019
Merged

Sanity-check the rooms of auth events before pulling them in. #6472

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
14eeb57
Another bit of cleanup in `_update_auth_events_and_context_for_auth`
richvdh Dec 4, 2019
106d92f
Sanity-check the rooms of auth events before pulling them in.
richvdh Dec 4, 2019
ebdbc55
changelog
richvdh Dec 4, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/6472.bugfix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Improve sanity-checking when receiving events over federation.
34 changes: 25 additions & 9 deletions synapse/handlers/federation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2195,21 +2195,37 @@ def _update_auth_events_and_context_for_auth(
different_auth,
)

# now we state-resolve between our own idea of the auth events, and the remote's
# idea of them.

room_version = yield self.store.get_room_version(event.room_id)

# XXX: currently this checks for redactions but I'm not convinced that is
# necessary?
different_events = yield self.store.get_events_as_list(different_auth)

local_view = dict(auth_events)
remote_view = dict(auth_events)
remote_view.update({(d.type, d.state_key): d for d in different_events})
for d in different_events:
if d.room_id != event.room_id:
logger.warning(
"Event %s refers to auth_event %s which is in a different room",
event.event_id,
d.event_id,
)

# don't attempt to resolve the claimed auth events against our own
# in this case: just use our own auth events.
#
# XXX: should we reject the event in this case? It feels like we should,
# but then shouldn't we also do so if we've failed to fetch any of the
# auth events?
return context

# now we state-resolve between our own idea of the auth events, and the remote's
# idea of them.

local_state = auth_events.values()
remote_auth_events = dict(auth_events)
remote_auth_events.update({(d.type, d.state_key): d for d in different_events})
remote_state = remote_auth_events.values()

room_version = yield self.store.get_room_version(event.room_id)
new_state = yield self.state_handler.resolve_events(
room_version, [list(local_view.values()), list(remote_view.values())], event
room_version, (local_state, remote_state), event
)

logger.info(
Expand Down