This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Use _check_sigs_and_hash_and_fetch to validate backfill requests #8350
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a bit of a hack, as `_check_sigs_and_hash_and_fetch` is intended for attempting to pull an event from the database/(re)pull it from the server that originally sent the event if checking the signature of the event fails. During backfill we *know* that we won't have the event in our database, however it is still useful to be able to query the original sending server as the server we're backfilling from may be acting maliciously. The main benefit and reason for this change however is that `_check_sigs_and_hash_and_fetch` will drop an event during backfill if it cannot be successfully validated, whereas the current code will simply fail the backfill request - resulting in the client's /messages request silently being dropped. This is a quick patch to fix backfilling rooms that contain malformed events. A better implementation in planned in future.
|
Possibly relevant: #2726 |
erikjohnston
approved these changes
Sep 18, 2020
|
The test failures are due to tests that were added and fixed after v1.19 |
clokep
reviewed
Sep 18, 2020
| @@ -350,6 +348,7 @@ async def _check_sigs_and_hash_and_fetch( | |||
| room_version: RoomVersion, | |||
| outlier: bool = False, | |||
| include_none: bool = False, | |||
| check_db: bool = True, | |||
There was a problem hiding this comment.
Did you want to use this somewhere?
Talked about in Matrix, but this isn't true. The tests failing are older tests that have existed for a while. |
However it seems that the branch we're merging into fails these tests as well, which isn't great, but at least it doesn't seem like it's due to this code. I'm going to revert the |
This reverts commit 8552287.
anoadragon453
added a commit
that referenced
this pull request
Sep 18, 2020
This is a bit of a hack, as `_check_sigs_and_hash_and_fetch` is intended for attempting to pull an event from the database/(re)pull it from the server that originally sent the event if checking the signature of the event fails. During backfill we *know* that we won't have the event in our database, however it is still useful to be able to query the original sending server as the server we're backfilling from may be acting maliciously. The main benefit and reason for this change however is that `_check_sigs_and_hash_and_fetch` will drop an event during backfill if it cannot be successfully validated, whereas the current code will simply fail the backfill request - resulting in the client's /messages request silently being dropped. This is a quick patch to fix backfilling rooms that contain malformed events. A better implementation in planned in future.
babolivier
pushed a commit
that referenced
this pull request
Sep 1, 2021
* commit 'd5f7182ba': 1.20.0rc5 1.19.3 Use _check_sigs_and_hash_and_fetch to validate backfill requests (#8350)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a partial fix to backfilling rooms with malformed events. It will
allow for backfilling a partial set of events in the room, but will not fix your
backfill eventually running out.
This could be cleaner, as
_check_sigs_and_hash_and_fetchis intendedfor attempting to pull an event from the database/(re)pull it from the
server that originally sent the event if checking the signature of the
event fails.
During backfill we know that we won't have the event in our database,
however it is still useful to be able to query the original sending
server as the server we're backfilling from may be acting maliciously.
The main benefit and reason for using this method however is that
_check_sigs_and_hash_and_fetchwill drop an event during backfill ifit cannot be successfully validated, whereas the current code will
simply fail the backfill request - resulting in the client's /messages
request silently being dropped.