summary refs log tree commit diff
path: root/synapse/event_auth.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2020-07-10 18:15:35 +0100
committerGitHub <noreply@github.com>2020-07-10 18:15:35 +0100
commite29c44340bce07d77c824af7c9bebed04e28ad1e (patch)
tree3ebe94f9e4d0926fd257884f83de15270b8dbea1 /synapse/event_auth.py
parent1.17.0rc1 (diff)
downloadsynapse-e29c44340bce07d77c824af7c9bebed04e28ad1e.tar.xz
Fix recursion error when fetching auth chain over federation (#7817)
When fetching the state of a room over federation we receive the event
IDs of the state and auth chain. We then fetch those events that we
don't already have.

However, we used a function that recursively fetched any missing auth
events for the fetched events, which can lead to a lot of recursion if
the server is missing most of the auth chain. This work is entirely
pointless because would have queued up the missing events in the auth
chain to be fetched already.

Let's just diable the recursion, since it only gets called from one
place anyway.
Diffstat (limited to 'synapse/event_auth.py')
-rw-r--r--synapse/event_auth.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index c582355146..c0981eee62 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -65,14 +65,16 @@ def check(
 
     room_id = event.room_id
 
-    # I'm not really expecting to get auth events in the wrong room, but let's
-    # sanity-check it
+    # We need to ensure that the auth events are actually for the same room, to
+    # stop people from using powers they've been granted in other rooms for
+    # example.
     for auth_event in auth_events.values():
         if auth_event.room_id != room_id:
-            raise Exception(
+            raise AuthError(
+                403,
                 "During auth for event %s in room %s, found event %s in the state "
                 "which is in room %s"
-                % (event.event_id, room_id, auth_event.event_id, auth_event.room_id)
+                % (event.event_id, room_id, auth_event.event_id, auth_event.room_id),
             )
 
     if do_sig_check: