summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2023-10-31 09:58:30 -0400
committerGitHub <noreply@github.com>2023-10-31 13:58:30 +0000
commit7a3a55ac98847d7adb0e200378abe07ef8d0c645 (patch)
treee8672425999bab6a4026044167769c3ce18ea1d2 /synapse/handlers
parentClaim local one-time-keys in bulk (#16565) (diff)
downloadsynapse-7a3a55ac98847d7adb0e200378abe07ef8d0c645.tar.xz
Merge pull request from GHSA-mp92-3jfm-3575
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/device.py3
-rw-r--r--synapse/handlers/e2e_keys.py6
2 files changed, 9 insertions, 0 deletions
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py
index 3ce96ef3cb..93472d0117 100644
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@@ -328,6 +328,9 @@ class DeviceWorkerHandler:
         return result
 
     async def on_federation_query_user_devices(self, user_id: str) -> JsonDict:
+        if not self.hs.is_mine(UserID.from_string(user_id)):
+            raise SynapseError(400, "User is not hosted on this homeserver")
+
         stream_id, devices = await self.store.get_e2e_device_keys_for_federation_query(
             user_id
         )
diff --git a/synapse/handlers/e2e_keys.py b/synapse/handlers/e2e_keys.py
index d340d4aebe..d06524495f 100644
--- a/synapse/handlers/e2e_keys.py
+++ b/synapse/handlers/e2e_keys.py
@@ -542,6 +542,12 @@ class E2eKeysHandler:
         device_keys_query: Dict[str, Optional[List[str]]] = query_body.get(
             "device_keys", {}
         )
+        if any(
+            not self.is_mine(UserID.from_string(user_id))
+            for user_id in device_keys_query
+        ):
+            raise SynapseError(400, "User is not hosted on this homeserver")
+
         res = await self.query_local_devices(
             device_keys_query,
             include_displaynames=(