Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Sanity-check the rooms of auth events before pulling them in. (#6472)
Browse files Browse the repository at this point in the history
* commit 'e1f4c83f4':
  Sanity-check the rooms of auth events before pulling them in. (#6472)
  • Loading branch information
anoadragon453 committed Mar 19, 2020
2 parents fa3d0d9 + e1f4c83 commit c2fa3c8
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 9 deletions.
1 change: 1 addition & 0 deletions changelog.d/6472.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Improve sanity-checking when receiving events over federation.
34 changes: 25 additions & 9 deletions synapse/handlers/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -2202,21 +2202,37 @@ def _update_auth_events_and_context_for_auth(
different_auth,
)

# now we state-resolve between our own idea of the auth events, and the remote's
# idea of them.

room_version = yield self.store.get_room_version(event.room_id)

# XXX: currently this checks for redactions but I'm not convinced that is
# necessary?
different_events = yield self.store.get_events_as_list(different_auth)

local_view = dict(auth_events)
remote_view = dict(auth_events)
remote_view.update({(d.type, d.state_key): d for d in different_events})
for d in different_events:
if d.room_id != event.room_id:
logger.warning(
"Event %s refers to auth_event %s which is in a different room",
event.event_id,
d.event_id,
)

# don't attempt to resolve the claimed auth events against our own
# in this case: just use our own auth events.
#
# XXX: should we reject the event in this case? It feels like we should,
# but then shouldn't we also do so if we've failed to fetch any of the
# auth events?
return context

# now we state-resolve between our own idea of the auth events, and the remote's
# idea of them.

local_state = auth_events.values()
remote_auth_events = dict(auth_events)
remote_auth_events.update({(d.type, d.state_key): d for d in different_events})
remote_state = remote_auth_events.values()

room_version = yield self.store.get_room_version(event.room_id)
new_state = yield self.state_handler.resolve_events(
room_version, [list(local_view.values()), list(remote_view.values())], event
room_version, (local_state, remote_state), event
)

logger.info(
Expand Down

0 comments on commit c2fa3c8

Please sign in to comment.