Reject large transactions on federation (#4513)

* Reject large transactions on federation

* Add changelog

* lint

* Simplify large transaction handling

2 files changed, 17 insertions, 0 deletions

diff --git a/changelog.d/4513.misc b/changelog.d/4513.misc
new file mode 100644

index 0000000000..1f64a96465
--- /dev/null
+++ b/changelog.d/4513.misc
@@ -0,0 +1 @@
+Reject federation transactions if they include more than 50 PDUs or 100 EDUs.
\ No newline at end of file
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py

index aeadc9c564..3da86d4ba6 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -148,6 +148,22 @@ class FederationServer(FederationBase):
 
         logger.debug("[%s] Transaction is new", transaction.transaction_id)
 
+        # Reject if PDU count > 50 and EDU count > 100
+        if (len(transaction.pdus) > 50
+                or (hasattr(transaction, "edus") and len(transaction.edus) > 100)):
+
+            logger.info(
+                "Transaction PDU or EDU count too large. Returning 400",
+            )
+
+            response = {}
+            yield self.transaction_actions.set_response(
+                origin,
+                transaction,
+                400, response
+            )
+            defer.returnValue((400, response))
+
         received_pdus_counter.inc(len(transaction.pdus))
 
         origin_host, _ = parse_server_name(origin)