This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Fix recursion error when fetching auth chain over federation #7817
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When fetching the state of a room over federation we receive the event IDs of the state and auth chain. We then fetch those events that we don't already have. However, we used a function that recursively fetched any missing auth events for the fetched events, which can lead to a lot of recursion if the server is missing most of the auth chain. This work is entirely pointless because would have queued up the missing events in the auth chain to be fetched already. Let's just diable the recursion, since it only gets called from one place anyway.
richvdh
reviewed
Jul 10, 2020
richvdh
reviewed
Jul 10, 2020
babolivier
reviewed
Jul 10, 2020
There was a problem hiding this comment.
lgtm otherwise, though I'd like @richvdh seal of approval before merging as he usually has more context than me on this area.
|
Tests are fixed by matrix-org/sytest#911 |
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
richvdh
reviewed
Jul 10, 2020
synapse/event_auth.py
Outdated
| @@ -69,10 +69,11 @@ def check( | |||
| # sanity-check it | |||
| for auth_event in auth_events.values(): | |||
| if auth_event.room_id != room_id: | |||
| raise Exception( | |||
| raise AuthError( | |||
| 500, | |||
There was a problem hiding this comment.
oh oof there is AuthError(500) above. whatever.
There was a problem hiding this comment.
Oh, yes, probably actually. I was copying it from a previous line, but I don't think that makes sense
There was a problem hiding this comment.
but also: if we actually hit this code and it matters, the comment needs changing.
There was a problem hiding this comment.
/me awards past me a prize for including sanity checks for security-critical things
There was a problem hiding this comment.
Sorry, which comment?
babolivier
pushed a commit
that referenced
this pull request
Sep 1, 2021
* commit 'e29c44340': Fix recursion error when fetching auth chain over federation (#7817)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When fetching the state of a room over federation we receive the event
IDs of the state and auth chain. We then fetch those events that we
don't already have.
However, we used a function that recursively fetched any missing auth
events for the fetched events, which can lead to a lot of recursion if
the server is missing most of the auth chain. This work is entirely
pointless because would have queued up the missing events in the auth
chain to be fetched already.
Let's just diable the recursion, since it only gets called from one
place anyway.