Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Sanity-check room ids in event auth #6530

Merged
merged 1 commit into from
Dec 13, 2019
Merged

Sanity-check room ids in event auth #6530

merged 1 commit into from
Dec 13, 2019

Conversation

richvdh
Copy link
Member

@richvdh richvdh commented Dec 12, 2019

When we do an event auth operation, check that all of the events involved are
in the right room.

@richvdh
Sanity-check room ids in event auth
02137be 
When we do an event auth operation, check that all of the events involved are
in the right room.
@richvdh richvdh requested a review from a team December 12, 2019 12:31
erikjohnston
erikjohnston reviewed Dec 12, 2019
View reviewed changes
synapse/event_auth.py
# sanity-check it
for auth_event in auth_events.values():
if auth_event.room_id != room_id:
raise Exception(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to 500 or 403?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given that I think the problem has happened somewhere else if we get this far, I think a 500 is more appropriate. Consider it as an assertion.

Tbh I think that our habit of trying to decide what HTTP error codes we should return in the depths of utility functions is an anti-pattern.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair

@richvdh richvdh merged commit 971a070 into develop Dec 13, 2019
@richvdh richvdh deleted the rav/event_auth/18 branch December 13, 2019 11:44
richvdh added a commit that referenced this pull request Dec 16, 2019
@richvdh
Sanity-check room ids in event auth (#6530)
6577f2d 
When we do an event auth operation, check that all of the events involved are
in the right room.
richvdh added a commit that referenced this pull request Dec 18, 2019
@richvdh
Merge tag 'v1.7.1'
4154637 
Synapse 1.7.1 (2019-12-18)
==========================

This release includes several security fixes as well as a fix to a bug exposed by the security fixes. Administrators are encouraged to upgrade as soon as possible.

Security updates
----------------

- Fix a bug which could cause room events to be incorrectly authorized using events from a different room. ([\#6501](#6501), [\#6503](#6503), [\#6521](#6521), [\#6524](#6524), [\#6530](#6530), [\#6531](#6531))
- Fix a bug causing responses to the `/context` client endpoint to not use the pruned version of the event. ([\#6553](#6553))
- Fix a cause of state resets in room versions 2 onwards. ([\#6556](#6556), [\#6560](#6560))

Bugfixes
--------

- Fix a bug which could cause the federation server to incorrectly return errors when handling certain obscure event graphs. ([\#6526](#6526), [\#6527](#6527))
babolivier pushed a commit that referenced this pull request Sep 1, 2021
@anoadragon453
Sanity-check room ids in event auth (#6530)
3719f3f 
* commit '971a0702b':
  Sanity-check room ids in event auth (#6530)
babolivier pushed a commit that referenced this pull request Sep 1, 2021
@anoadragon453
Sanity-check room ids in event auth (#6530)
33a4618 
* commit '6577f2d88':
  Sanity-check room ids in event auth (#6530)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@erikjohnston erikjohnston erikjohnston approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@richvdh @erikjohnston