diff options
author | Sean Quah <8349537+squahtx@users.noreply.github.com> | 2023-02-17 09:40:32 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-17 09:40:32 +0000 |
commit | 4f4f27e57fdab1d7cc6e275b8acabc785952205e (patch) | |
tree | 5cd6422f60da52dbff1b3faff91019359951a460 /changelog.d | |
parent | Document how to start Synapse with Poetry (#14892) (diff) | |
download | synapse-4f4f27e57fdab1d7cc6e275b8acabc785952205e.tar.xz |
Mitigate a race where /make_join could 403 for restricted rooms (#15080)
Previously, when creating a join event in /make_join, we would decide whether to include additional fields to satisfy restricted room checks based on the current state of the room. Then, when building the event, we would capture the forward extremities of the room to use as prev events. This is subject to race conditions. For example, when leaving and rejoining a room, the following sequence of events leads to a misleading 403 response: 1. /make_join reads the current state of the room and sees that the user is still in the room. It decides to omit the field required for restricted room joins. 2. The leave event is persisted and the room's forward extremities are updated. 3. /make_join builds the event, using the post-leave forward extremities. The event then fails the restricted room checks. To mitigate the race, we move the read of the forward extremities closer to the read of the current state. Ideally, we would compute the state based off the chosen prev events, but that can involve state resolution, which is expensive. Signed-off-by: Sean Quah <seanq@matrix.org>
Diffstat (limited to 'changelog.d')
-rw-r--r-- | changelog.d/15080.bugfix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/15080.bugfix b/changelog.d/15080.bugfix new file mode 100644 index 0000000000..965d0b921e --- /dev/null +++ b/changelog.d/15080.bugfix @@ -0,0 +1 @@ +Reduce the likelihood of a rare race condition where rejoining a restricted room over federation would fail. |