From 8b93af662d432cf6b3d36cbbcbd4dd2427bde658 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Thu, 8 Sep 2016 15:04:46 +0100
Subject: Check the user_id for presence/typing matches origin

---
 synapse/handlers/presence.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'synapse/handlers/presence.py')

diff --git a/synapse/handlers/presence.py b/synapse/handlers/presence.py
index da9f0da69e..7a3c16a8aa 100644
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@@ -651,6 +651,13 @@ class PresenceHandler(object):
                 )
                 continue
 
+            if get_domain_from_id(user_id) != origin:
+                logger.info(
+                    "Got presence update from %r with bad 'user_id': %r",
+                    origin, user_id,
+                )
+                continue
+
             presence_state = push.get("presence", None)
             if not presence_state:
                 logger.info(
-- 
cgit 1.5.1