diff options
| author | Erik Johnston <erik@matrix.org> | 2022-03-03 10:52:35 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-03 10:52:35 +0000 |
| commit | 61fd2a8f591f20fe9d1cffe659336664bf44e742 (patch) | |
| tree | 1ca22130f6ff39fb974f27c2df77d69f0acb7ee5 | |
| parent | Enable MSC3030 Complement tests in Synapse (#12144) (diff) | |
| download | synapse-61fd2a8f591f20fe9d1cffe659336664bf44e742.tar.xz | |
Limit the size of the aggregation_key (#12101)
There's no reason to let people use long keys.
| -rw-r--r-- | changelog.d/12101.misc | 1 | ||||
| -rw-r--r-- | synapse/handlers/message.py | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/changelog.d/12101.misc b/changelog.d/12101.misc new file mode 100644 index 0000000000..d165f73d13 --- /dev/null +++ b/changelog.d/12101.misc @@ -0,0 +1 @@ +Limit the size of `aggregation_key` on annotations. diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py index 61cb133ef2..0799ec9a84 100644 --- a/synapse/handlers/message.py +++ b/synapse/handlers/message.py @@ -1069,6 +1069,9 @@ class EventCreationHandler: if relation_type == RelationTypes.ANNOTATION: aggregation_key = relation["key"] + if len(aggregation_key) > 500: + raise SynapseError(400, "Aggregation key is too long") + already_exists = await self.store.has_user_annotated_event( relates_to, event.type, aggregation_key, event.sender ) |