From 243d427fbcb24c78c2df143767cd4636844fc82e Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Tue, 3 Nov 2020 12:13:48 +0000
Subject: Block clients from sending server ACLs that lock the local server
 out. (#8708)

Fixes #4042
---
 synapse/handlers/message.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'synapse/handlers/message.py')

diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index ca5602c13e..c6791fb912 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1138,6 +1138,9 @@ class EventCreationHandler:
                 if original_event.room_id != event.room_id:
                     raise SynapseError(400, "Cannot redact event from a different room")
 
+                if original_event.type == EventTypes.ServerACL:
+                    raise AuthError(403, "Redacting server ACL events is not permitted")
+
             prev_state_ids = await context.get_prev_state_ids()
             auth_events_ids = self.auth.compute_auth_events(
                 event, prev_state_ids, for_verification=True
-- 
cgit 1.4.1