summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2022-03-03 10:52:35 +0000
committerGitHub <noreply@github.com>2022-03-03 10:52:35 +0000
commit61fd2a8f591f20fe9d1cffe659336664bf44e742 (patch)
tree1ca22130f6ff39fb974f27c2df77d69f0acb7ee5
parentEnable MSC3030 Complement tests in Synapse (#12144) (diff)
downloadsynapse-61fd2a8f591f20fe9d1cffe659336664bf44e742.tar.xz
Limit the size of the aggregation_key (#12101)
There's no reason to let people use long keys.
Diffstat (limited to '')
-rw-r--r--changelog.d/12101.misc1
-rw-r--r--synapse/handlers/message.py3
2 files changed, 4 insertions, 0 deletions
diff --git a/changelog.d/12101.misc b/changelog.d/12101.misc
new file mode 100644
index 0000000000..d165f73d13
--- /dev/null
+++ b/changelog.d/12101.misc
@@ -0,0 +1 @@
+Limit the size of `aggregation_key` on annotations.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index 61cb133ef2..0799ec9a84 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1069,6 +1069,9 @@ class EventCreationHandler:
         if relation_type == RelationTypes.ANNOTATION:
             aggregation_key = relation["key"]
 
+            if len(aggregation_key) > 500:
+                raise SynapseError(400, "Aggregation key is too long")
+
             already_exists = await self.store.has_user_annotated_event(
                 relates_to, event.type, aggregation_key, event.sender
             )