diff options
author | Richard van der Hoff <richard@matrix.org> | 2018-05-01 16:19:39 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2018-05-01 17:54:19 +0100 |
commit | 33f469ba19586bbafa0cf2c7d7c35463bdab87eb (patch) | |
tree | 10e97f31a3a34eafd12032236805190d2f63d90e /synapse/handlers | |
parent | update changelog and bump version to 0.28.0 (diff) | |
download | synapse-33f469ba19586bbafa0cf2c7d7c35463bdab87eb.tar.xz |
Apply some limits to depth to counter abuse
* When creating a new event, cap its depth to 2^63 - 1 * When receiving events, reject any without a sensible depth As per https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/message.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py index 21628a8540..53beb2b9ab 100644 --- a/synapse/handlers/message.py +++ b/synapse/handlers/message.py @@ -16,7 +16,7 @@ from twisted.internet import defer, reactor from twisted.python.failure import Failure -from synapse.api.constants import EventTypes, Membership +from synapse.api.constants import EventTypes, Membership, MAX_DEPTH from synapse.api.errors import AuthError, Codes, SynapseError from synapse.crypto.event_signing import add_hashes_and_signatures from synapse.events.utils import serialize_event @@ -624,6 +624,10 @@ class EventCreationHandler(object): if prev_events_and_hashes: depth = max([d for _, _, d in prev_events_and_hashes]) + 1 + # we cap depth of generated events, to ensure that they are not + # rejected by other servers (and so that they can be persisted in + # the db) + depth = min(depth, MAX_DEPTH) else: depth = 1 |