summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2020-11-03 12:13:48 +0000
committerGitHub <noreply@github.com>2020-11-03 12:13:48 +0000
commit243d427fbcb24c78c2df143767cd4636844fc82e (patch)
treea96e75b19eaee5cceae5b80c0852359444188413 /synapse/handlers
parentDocument how to set up multiple event persisters (#8706) (diff)
downloadsynapse-243d427fbcb24c78c2df143767cd4636844fc82e.tar.xz
Block clients from sending server ACLs that lock the local server out. (#8708)
Fixes #4042
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/message.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index ca5602c13e..c6791fb912 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1138,6 +1138,9 @@ class EventCreationHandler:
                 if original_event.room_id != event.room_id:
                     raise SynapseError(400, "Cannot redact event from a different room")
 
+                if original_event.type == EventTypes.ServerACL:
+                    raise AuthError(403, "Redacting server ACL events is not permitted")
+
             prev_state_ids = await context.get_prev_state_ids()
             auth_events_ids = self.auth.compute_auth_events(
                 event, prev_state_ids, for_verification=True