diff options
| author | Matthew <matthew@matrix.org> | 2017-01-07 02:13:06 +0000 |
|---|---|---|
| committer | Matthew <matthew@matrix.org> | 2017-01-07 02:13:14 +0000 |
| commit | e10c52793079185b5b6171bbd5e1ee624367ad90 (patch) | |
| tree | 4b92e7ebfaeeed1aaf305c21d6add5ae2a41f826 | |
| parent | oops, this should have been rc1 (diff) | |
| download | synapse-e10c52793079185b5b6171bbd5e1ee624367ad90.tar.xz | |
Discard PDUs from invalid origins due to #1753 in 0.18.[56] v0.18.7-rc1
| -rw-r--r-- | synapse/federation/federation_server.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 800f04189f..5f6e6cbb42 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -23,6 +23,7 @@ from synapse.util.async import Linearizer from synapse.util.logutils import log_function from synapse.util.caches.response_cache import ResponseCache from synapse.events import FrozenEvent +from synapse.types import get_domain_from_id import synapse.metrics from synapse.api.errors import AuthError, FederationError, SynapseError @@ -132,7 +133,7 @@ class FederationServer(FederationBase): if response: logger.debug( - "[%s] We've already responed to this request", + "[%s] We've already responded to this request", transaction.transaction_id ) defer.returnValue(response) @@ -475,6 +476,27 @@ class FederationServer(FederationBase): @defer.inlineCallbacks @log_function def _handle_new_pdu(self, origin, pdu, get_missing=True): + + # check that it's actually being sent from a valid destination to + # workaround bug #1753 in 0.18.5 and 0.18.6 + if origin != get_domain_from_id(pdu.event_id): + if not ( + pdu.type == 'm.room.member' and + pdu.content and + pdu.content.get("membership", None) == 'join' and + self.hs.is_mine_id(pdu.state_key) + ): + logger.info( + "Discarding PDU %s from invalid origin %s", + pdu.event_id, origin + ) + return + else: + logger.info( + "Accepting join PDU %s from %s", + pdu.event_id, origin + ) + # We reprocess pdus when we have seen them only as outliers existing = yield self._get_persisted_pdu( origin, pdu.event_id, do_auth=False |