Limit the size of the aggregation_key (#12101)

There's no reason to let people use long keys.
matrix-org · Mar 3, 2022 · 61fd2a8 · 61fd2a8
1 parent 31b125c
commit 61fd2a8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/changelog.d/12101.misc b/changelog.d/12101.misc
@@ -0,0 +1 @@
+Limit the size of `aggregation_key` on annotations.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
@@ -1069,6 +1069,9 @@ async def _validate_event_relation(self, event: EventBase) -> None:
         if relation_type == RelationTypes.ANNOTATION:
             aggregation_key = relation["key"]
 
+            if len(aggregation_key) > 500:
+                raise SynapseError(400, "Aggregation key is too long")
+
             already_exists = await self.store.has_user_annotated_event(
                 relates_to, event.type, aggregation_key, event.sender
             )