diff options
author | Richard van der Hoff <richard@matrix.org> | 2018-05-01 18:14:18 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2018-05-01 18:14:18 +0100 |
commit | d5eee5d601cb291bcd6eb409f818c0e27a1658b0 (patch) | |
tree | 8c71771ba723609335feb16568fe0b540a33d451 /synapse/federation/federation_base.py | |
parent | Miscellaneous fixes to python_dependencies (diff) | |
parent | Apply some limits to depth to counter abuse (diff) | |
download | synapse-d5eee5d601cb291bcd6eb409f818c0e27a1658b0.tar.xz |
Merge commit '33f469b' into release-v0.28.1
Diffstat (limited to 'synapse/federation/federation_base.py')
-rw-r--r-- | synapse/federation/federation_base.py | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py index 79eaa31031..4cc98a3fe8 100644 --- a/synapse/federation/federation_base.py +++ b/synapse/federation/federation_base.py @@ -14,7 +14,10 @@ # limitations under the License. import logging -from synapse.api.errors import SynapseError +import six + +from synapse.api.constants import MAX_DEPTH +from synapse.api.errors import SynapseError, Codes from synapse.crypto.event_signing import check_event_content_hash from synapse.events import FrozenEvent from synapse.events.utils import prune_event @@ -190,11 +193,23 @@ def event_from_pdu_json(pdu_json, outlier=False): FrozenEvent Raises: - SynapseError: if the pdu is missing required fields + SynapseError: if the pdu is missing required fields or is otherwise + not a valid matrix event """ # we could probably enforce a bunch of other fields here (room_id, sender, # origin, etc etc) - assert_params_in_request(pdu_json, ('event_id', 'type')) + assert_params_in_request(pdu_json, ('event_id', 'type', 'depth')) + + depth = pdu_json['depth'] + if not isinstance(depth, six.integer_types): + raise SynapseError(400, "Depth %r not an intger" % (depth, ), + Codes.BAD_JSON) + + if depth < 0: + raise SynapseError(400, "Depth too small", Codes.BAD_JSON) + elif depth > MAX_DEPTH: + raise SynapseError(400, "Depth too large", Codes.BAD_JSON) + event = FrozenEvent( pdu_json ) |