Merge pull request from GHSA-mp92-3jfm-3575

author: Patrick Cloke <clokep@users.noreply.github.com> 2023-10-31 09:58:30 -0400
committer: Erik Johnston <erik@matrix.org> 2023-10-31 13:59:09 +0000
commit: daec55e1fe120c564240c5386e77941372bf458f (patch)
tree: 59a102dd37e10981743d959a2cc6aec64990296d /synapse/handlers/device.py
parent: 1.95.0 (diff)
download: synapse-daec55e1fe120c564240c5386e77941372bf458f.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py
index 544bc7c13d..b0f6011629 100644
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@@ -328,6 +328,9 @@ class DeviceWorkerHandler:
         return result
 
     async def on_federation_query_user_devices(self, user_id: str) -> JsonDict:
+        if not self.hs.is_mine(UserID.from_string(user_id)):
+            raise SynapseError(400, "User is not hosted on this homeserver")
+
         stream_id, devices = await self.store.get_e2e_device_keys_for_federation_query(
             user_id
         )
author	Patrick Cloke <clokep@users.noreply.github.com>	2023-10-31 09:58:30 -0400
committer	Erik Johnston <erik@matrix.org>	2023-10-31 13:59:09 +0000
commit	daec55e1fe120c564240c5386e77941372bf458f (patch)
tree	59a102dd37e10981743d959a2cc6aec64990296d /synapse/handlers/device.py
parent	1.95.0 (diff)
download	synapse-daec55e1fe120c564240c5386e77941372bf458f.tar.xz