diff options
author | Mark Haines <mark.haines@matrix.org> | 2017-06-30 16:20:30 +0100 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2017-06-30 16:20:30 +0100 |
commit | 3e279411fef18626de2131279347eef6e01732ad (patch) | |
tree | 1413323765bfdcb65ecaba4728c6b18b10522780 /synapse/handlers/federation.py | |
parent | Merge pull request #2321 from matrix-org/erikj/prefill_forward (diff) | |
download | synapse-3e279411fef18626de2131279347eef6e01732ad.tar.xz |
Improve the error handling for bad invites received over federation
Diffstat (limited to 'synapse/handlers/federation.py')
-rw-r--r-- | synapse/handlers/federation.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index f7ae369a1d..483cb8eac6 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -75,6 +75,7 @@ class FederationHandler(BaseHandler): self.server_name = hs.hostname self.keyring = hs.get_keyring() self.action_generator = hs.get_action_generator() + self.is_mine_id = hs.is_mine_id self.replication_layer.set_handler(self) @@ -1072,6 +1073,20 @@ class FederationHandler(BaseHandler): if is_blocked: raise SynapseError(403, "This room has been blocked on this server") + membership = event.content.get("membership") + if event.type != EventTypes.Member or membership != Membership.INVITE: + raise SynapseError(400, "The event was not an m.room.member invite event") + + sender_domain = get_domain_from_id(event.sender) + if sender_domain != origin: + raise SynapseError(400, "The invite event was not from the server sending it") + + if event.state_key is None: + raise SynapseError(400, "The invite event did not have a state key") + + if not self.is_mine_id(event.state_key): + raise SynapseError(400, "The invite event must be for this server") + event.internal_metadata.outlier = True event.internal_metadata.invite_from_remote = True @@ -1280,7 +1295,7 @@ class FederationHandler(BaseHandler): for event in res: # We sign these again because there was a bug where we # incorrectly signed things the first time round - if self.hs.is_mine_id(event.event_id): + if self.is_mine_id(event.event_id): event.signatures.update( compute_event_signature( event, @@ -1353,7 +1368,7 @@ class FederationHandler(BaseHandler): ) if event: - if self.hs.is_mine_id(event.event_id): + if self.is_mine_id(event.event_id): # FIXME: This is a temporary work around where we occasionally # return events slightly differently than when they were # originally signed |