summary refs log tree commit diff
path: root/synapse/handlers/devicemessage.py
diff options
context:
space:
mode:
authorErik Johnston <erikj@element.io>2024-05-29 11:52:48 +0100
committerGitHub <noreply@github.com>2024-05-29 11:52:48 +0100
commitd7198dfb950ad4b2b1c65ff1b22026782d231f3c (patch)
tree40808b0e68e09597699a75e1e1bd28bf98b6fedc /synapse/handlers/devicemessage.py
parentHandle duplicate OTK uploads racing (#17241) (diff)
downloadsynapse-d7198dfb950ad4b2b1c65ff1b22026782d231f3c.tar.xz
Ignore attempts to send to-device messages to bad users (#17240)
Currently sending a to-device message to a user ID with a dodgy
destination is accepted, but then ends up spamming the logs when we try
and send to the destination.

An alternative would be to reject the request, but I'm slightly nervous
that could break things.
Diffstat (limited to '')
-rw-r--r--synapse/handlers/devicemessage.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/handlers/devicemessage.py b/synapse/handlers/devicemessage.py
index 79be7c97c8..e56bdb4072 100644
--- a/synapse/handlers/devicemessage.py
+++ b/synapse/handlers/devicemessage.py
@@ -236,6 +236,13 @@ class DeviceMessageHandler:
         local_messages = {}
         remote_messages: Dict[str, Dict[str, Dict[str, JsonDict]]] = {}
         for user_id, by_device in messages.items():
+            if not UserID.is_valid(user_id):
+                logger.warning(
+                    "Ignoring attempt to send device message to invalid user: %r",
+                    user_id,
+                )
+                continue
+
             # add an opentracing log entry for each message
             for device_id, message_content in by_device.items():
                 log_kv(