diff options
-rw-r--r-- | CHANGES.rst | 10 | ||||
-rw-r--r-- | synapse/__init__.py | 2 | ||||
-rw-r--r-- | synapse/federation/federation_server.py | 40 |
3 files changed, 31 insertions, 21 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 3db747df38..3fb3197ace 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,3 +1,11 @@ +Changes in synapse v0.18.7-rc2 (2017-01-07) +=========================================== + +Bug fixes: + +* Fix error in rc1's discarding invalid inbound traffic logic that was + incorrectly discarding missing events + Changes in synapse v0.18.7-rc1 (2017-01-06) =========================================== @@ -5,6 +13,8 @@ Bug fixes: * Fix error in #PR 1764 to actually fix the nightmare #1753 bug. * Improve deadlock logging further +* Discard inbound federation traffic from invalid domains, to immunise + against #1753 Changes in synapse v0.18.6 (2017-01-06) ======================================= diff --git a/synapse/__init__.py b/synapse/__init__.py index 91e3a2c2e0..cb332279df 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -16,4 +16,4 @@ """ This is a reference implementation of a Matrix home server. """ -__version__ = "0.18.7-rc1" +__version__ = "0.18.7-rc2" diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 5f6e6cbb42..1fee4e83a6 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -144,6 +144,26 @@ class FederationServer(FederationBase): results = [] for pdu in pdu_list: + # check that it's actually being sent from a valid destination to + # workaround bug #1753 in 0.18.5 and 0.18.6 + if transaction.origin != get_domain_from_id(pdu.event_id): + if not ( + pdu.type == 'm.room.member' and + pdu.content and + pdu.content.get("membership", None) == 'join' and + self.hs.is_mine_id(pdu.state_key) + ): + logger.info( + "Discarding PDU %s from invalid origin %s", + pdu.event_id, transaction.origin + ) + continue + else: + logger.info( + "Accepting join PDU %s from %s", + pdu.event_id, transaction.origin + ) + try: yield self._handle_new_pdu(transaction.origin, pdu) results.append({}) @@ -477,26 +497,6 @@ class FederationServer(FederationBase): @log_function def _handle_new_pdu(self, origin, pdu, get_missing=True): - # check that it's actually being sent from a valid destination to - # workaround bug #1753 in 0.18.5 and 0.18.6 - if origin != get_domain_from_id(pdu.event_id): - if not ( - pdu.type == 'm.room.member' and - pdu.content and - pdu.content.get("membership", None) == 'join' and - self.hs.is_mine_id(pdu.state_key) - ): - logger.info( - "Discarding PDU %s from invalid origin %s", - pdu.event_id, origin - ) - return - else: - logger.info( - "Accepting join PDU %s from %s", - pdu.event_id, origin - ) - # We reprocess pdus when we have seen them only as outliers existing = yield self._get_persisted_pdu( origin, pdu.event_id, do_auth=False |