Block clients from sending server ACLs that lock the local server out. (#8708)

Fixes #4042
author: Erik Johnston <erik@matrix.org> 2020-11-03 12:13:48 +0000
committer: GitHub <noreply@github.com> 2020-11-03 12:13:48 +0000
commit: 243d427fbcb24c78c2df143767cd4636844fc82e (patch)
tree: a96e75b19eaee5cceae5b80c0852359444188413 /synapse/handlers
parent: Document how to set up multiple event persisters (#8706) (diff)
download: synapse-243d427fbcb24c78c2df143767cd4636844fc82e.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index ca5602c13e..c6791fb912 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1138,6 +1138,9 @@ class EventCreationHandler:
                 if original_event.room_id != event.room_id:
                     raise SynapseError(400, "Cannot redact event from a different room")
 
+                if original_event.type == EventTypes.ServerACL:
+                    raise AuthError(403, "Redacting server ACL events is not permitted")
+
             prev_state_ids = await context.get_prev_state_ids()
             auth_events_ids = self.auth.compute_auth_events(
                 event, prev_state_ids, for_verification=True
author	Erik Johnston <erik@matrix.org>	2020-11-03 12:13:48 +0000
committer	GitHub <noreply@github.com>	2020-11-03 12:13:48 +0000
commit	243d427fbcb24c78c2df143767cd4636844fc82e (patch)
tree	a96e75b19eaee5cceae5b80c0852359444188413 /synapse/handlers
parent	Document how to set up multiple event persisters (#8706) (diff)
download	synapse-243d427fbcb24c78c2df143767cd4636844fc82e.tar.xz