Improve validation of field size limits in events. (#14664)

author: reivilibre <oliverw@matrix.org> 2022-12-13 13:19:19 +0000
committer: GitHub <noreply@github.com> 2022-12-13 13:19:19 +0000
commit: 62ed877433e23ba055cbc69a089c09d03c67681d (patch)
tree: f156f6de4721c8cfb9259713a37ec49ce9b510eb /synapse/handlers
parent: Allow selecting "prejoin" events by state keys (#14642) (diff)
download: synapse-62ed877433e23ba055cbc69a089c09d03c67681d.tar.xz
1 files changed, 20 insertions, 0 deletions
diff --git a/synapse/handlers/federation_event.py b/synapse/handlers/federation_event.py
index d2facdab60..66aca2f864 100644
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@@ -43,6 +43,7 @@ from synapse.api.constants import (
 from synapse.api.errors import (
     AuthError,
     Codes,
+    EventSizeError,
     FederationError,
     FederationPullAttemptBackoffError,
     HttpResponseException,
@@ -1736,6 +1737,15 @@ class FederationEventHandler:
                 except AuthError as e:
                     logger.warning("Rejecting %r because %s", event, e)
                     context.rejected = RejectedReason.AUTH_ERROR
+                except EventSizeError as e:
+                    if e.unpersistable:
+                        # This event is completely unpersistable.
+                        raise e
+                    # Otherwise, we are somewhat lenient and just persist the event
+                    # as rejected, for moderate compatibility with older Synapse
+                    # versions.
+                    logger.warning("While validating received event %r: %s", event, e)
+                    context.rejected = RejectedReason.OVERSIZED_EVENT
 
             events_and_contexts_to_persist.append((event, context))
 
@@ -1781,6 +1791,16 @@ class FederationEventHandler:
             # TODO: use a different rejected reason here?
             context.rejected = RejectedReason.AUTH_ERROR
             return
+        except EventSizeError as e:
+            if e.unpersistable:
+                # This event is completely unpersistable.
+                raise e
+            # Otherwise, we are somewhat lenient and just persist the event
+            # as rejected, for moderate compatibility with older Synapse
+            # versions.
+            logger.warning("While validating received event %r: %s", event, e)
+            context.rejected = RejectedReason.OVERSIZED_EVENT
+            return
 
         # next, check that we have all of the event's auth events.
         #
author	reivilibre <oliverw@matrix.org>	2022-12-13 13:19:19 +0000
committer	GitHub <noreply@github.com>	2022-12-13 13:19:19 +0000
commit	62ed877433e23ba055cbc69a089c09d03c67681d (patch)
tree	f156f6de4721c8cfb9259713a37ec49ce9b510eb /synapse/handlers
parent	Allow selecting "prejoin" events by state keys (#14642) (diff)
download	synapse-62ed877433e23ba055cbc69a089c09d03c67681d.tar.xz