Add a couple more checks to the keyring

matrix-org · Jul 26, 2016 · a4b06b6 · a4b06b6
1 parent c63b169
commit a4b06b6
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
@@ -447,7 +447,7 @@ def get_server_verify_key_v2_indirect(self, server_names_and_key_ids,
                 )
 
             processed_response = yield self.process_v2_response(
-                perspective_name, response
+                perspective_name, response, only_from_server=False
             )
 
             for server_name, response_keys in processed_response.items():
@@ -527,7 +527,7 @@ def get_server_verify_key_v2_direct(self, server_name, key_ids):
 
     @defer.inlineCallbacks
     def process_v2_response(self, from_server, response_json,
-                            requested_ids=[]):
+                            requested_ids=[], only_from_server=True):
         time_now_ms = self.clock.time_msec()
         response_keys = {}
         verify_keys = {}
@@ -551,6 +551,13 @@ def process_v2_response(self, from_server, response_json,
 
         results = {}
         server_name = response_json["server_name"]
+        if only_from_server:
+            if server_name != from_server:
+                raise ValueError(
+                    "Expected a response for server %r not %r" % (
+                        from_server, server_name
+                    )
+                )
         for key_id in response_json["signatures"].get(server_name, {}):
             if key_id not in response_json["verify_keys"]:
                 raise ValueError(