diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2023-10-31 09:58:30 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-31 13:58:30 +0000 |
commit | 7a3a55ac98847d7adb0e200378abe07ef8d0c645 (patch) | |
tree | e8672425999bab6a4026044167769c3ce18ea1d2 /synapse/handlers | |
parent | Claim local one-time-keys in bulk (#16565) (diff) | |
download | synapse-7a3a55ac98847d7adb0e200378abe07ef8d0c645.tar.xz |
Merge pull request from GHSA-mp92-3jfm-3575
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/device.py | 3 | ||||
-rw-r--r-- | synapse/handlers/e2e_keys.py | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py index 3ce96ef3cb..93472d0117 100644 --- a/synapse/handlers/device.py +++ b/synapse/handlers/device.py @@ -328,6 +328,9 @@ class DeviceWorkerHandler: return result async def on_federation_query_user_devices(self, user_id: str) -> JsonDict: + if not self.hs.is_mine(UserID.from_string(user_id)): + raise SynapseError(400, "User is not hosted on this homeserver") + stream_id, devices = await self.store.get_e2e_device_keys_for_federation_query( user_id ) diff --git a/synapse/handlers/e2e_keys.py b/synapse/handlers/e2e_keys.py index d340d4aebe..d06524495f 100644 --- a/synapse/handlers/e2e_keys.py +++ b/synapse/handlers/e2e_keys.py @@ -542,6 +542,12 @@ class E2eKeysHandler: device_keys_query: Dict[str, Optional[List[str]]] = query_body.get( "device_keys", {} ) + if any( + not self.is_mine(UserID.from_string(user_id)) + for user_id in device_keys_query + ): + raise SynapseError(400, "User is not hosted on this homeserver") + res = await self.query_local_devices( device_keys_query, include_displaynames=( |