summary refs log tree commit diff
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-12-13 11:44:41 +0000
committerGitHub <noreply@github.com>2019-12-13 11:44:41 +0000
commit971a0702b5fce743c8bb61424a5f1002d3eb63ff (patch)
tree64879adf6af751c6ffafa5e3515305f7ffb25c39
parentMerge pull request #6537 from matrix-org/erikj/bump_mypy_version (diff)
downloadsynapse-971a0702b5fce743c8bb61424a5f1002d3eb63ff.tar.xz
Sanity-check room ids in event auth (#6530)
When we do an event auth operation, check that all of the events involved are
in the right room.
-rw-r--r--changelog.d/6530.misc2
-rw-r--r--synapse/event_auth.py12
2 files changed, 14 insertions, 0 deletions
diff --git a/changelog.d/6530.misc b/changelog.d/6530.misc
new file mode 100644
index 0000000000..f885597426
--- /dev/null
+++ b/changelog.d/6530.misc
@@ -0,0 +1,2 @@
+Improve sanity-checking when receiving events over federation.
+
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index c940b84470..80ec911b3d 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -50,6 +50,18 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
     if not hasattr(event, "room_id"):
         raise AuthError(500, "Event has no room_id: %s" % event)
 
+    room_id = event.room_id
+
+    # I'm not really expecting to get auth events in the wrong room, but let's
+    # sanity-check it
+    for auth_event in auth_events.values():
+        if auth_event.room_id != room_id:
+            raise Exception(
+                "During auth for event %s in room %s, found event %s in the state "
+                "which is in room %s"
+                % (event.event_id, room_id, auth_event.event_id, auth_event.room_id)
+            )
+
     if do_sig_check:
         sender_domain = get_domain_from_id(event.sender)