From e10c52793079185b5b6171bbd5e1ee624367ad90 Mon Sep 17 00:00:00 2001 From: Matthew Date: Sat, 7 Jan 2017 02:13:06 +0000 Subject: Discard PDUs from invalid origins due to #1753 in 0.18.[56] --- synapse/federation/federation_server.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'synapse') diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 800f04189f..5f6e6cbb42 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -23,6 +23,7 @@ from synapse.util.async import Linearizer from synapse.util.logutils import log_function from synapse.util.caches.response_cache import ResponseCache from synapse.events import FrozenEvent +from synapse.types import get_domain_from_id import synapse.metrics from synapse.api.errors import AuthError, FederationError, SynapseError @@ -132,7 +133,7 @@ class FederationServer(FederationBase): if response: logger.debug( - "[%s] We've already responed to this request", + "[%s] We've already responded to this request", transaction.transaction_id ) defer.returnValue(response) @@ -475,6 +476,27 @@ class FederationServer(FederationBase): @defer.inlineCallbacks @log_function def _handle_new_pdu(self, origin, pdu, get_missing=True): + + # check that it's actually being sent from a valid destination to + # workaround bug #1753 in 0.18.5 and 0.18.6 + if origin != get_domain_from_id(pdu.event_id): + if not ( + pdu.type == 'm.room.member' and + pdu.content and + pdu.content.get("membership", None) == 'join' and + self.hs.is_mine_id(pdu.state_key) + ): + logger.info( + "Discarding PDU %s from invalid origin %s", + pdu.event_id, origin + ) + return + else: + logger.info( + "Accepting join PDU %s from %s", + pdu.event_id, origin + ) + # We reprocess pdus when we have seen them only as outliers existing = yield self._get_persisted_pdu( origin, pdu.event_id, do_auth=False -- cgit 1.4.1