diff options
author | Richard van der Hoff <richard@matrix.org> | 2018-04-17 22:11:19 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2018-04-18 00:06:42 +0100 |
commit | 9b7794262fa1a061f6668a6693a79b9bf8d3567a (patch) | |
tree | f44dfa584b32c1b7d13404f9d773d57547ce4699 | |
parent | fix spurious changelog dup (diff) | |
download | synapse-9b7794262fa1a061f6668a6693a79b9bf8d3567a.tar.xz |
Reject events which have too many auth_events or prev_events
... this should protect us from being dossed by people making silly events (deliberately or otherwise)
-rw-r--r-- | synapse/handlers/federation.py | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index 080aca3d71..b7b0816449 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -15,8 +15,14 @@ # limitations under the License. """Contains handlers for federation events.""" + +import httplib +import itertools +import logging + from signedjson.key import decode_verify_key_bytes from signedjson.sign import verify_signed_json +from twisted.internet import defer from unpaddedbase64 import decode_base64 from ._base import BaseHandler @@ -43,10 +49,6 @@ from synapse.util.retryutils import NotRetryingDestination from synapse.util.distributor import user_joined_room -from twisted.internet import defer - -import itertools -import logging logger = logging.getLogger(__name__) @@ -115,6 +117,28 @@ class FederationHandler(BaseHandler): logger.debug("Already seen pdu %s", pdu.event_id) return + # do some initial sanity-checking of the event. In particular, make + # sure it doesn't have hundreds of prev_events or auth_events, which + # could cause a huge state resolution or cascade of event fetches + if len(pdu.prev_events) > 20: + logger.warn("Rejecting event %s which has %i prev_events", + pdu.event_id, len(pdu.prev_events)) + raise FederationError( + "ERROR", + httplib.BAD_REQUEST, + "Too many prev_events", + affected=pdu.event_id, + ) + if len(pdu.auth_events) > 10: + logger.warn("Rejecting event %s which has %i auth_events", + pdu.event_id, len(pdu.auth_events)) + raise FederationError( + "ERROR", + httplib.BAD_REQUEST, + "Too many auth_events", + affected=pdu.event_id, + ) + # If we are currently in the process of joining this room, then we # queue up events for later processing. if pdu.room_id in self.room_queues: |