Synapse does not reject an attempt to upload keys for device A from device B #11720

DMRobertson · 2022-01-10T18:29:42Z

Discovered when playing around writing a stress test.

Synapse seems to treat the contents of /keys/upload as an opaque blob. But the spec is pretty explicit that it should have a certain shape, and that you must include a device_id which matches "the one when logging in".

As proof, I offer the following debug line

* 2022-01-10 18:21:09,180 - synapse.handlers.device - 251 - WARNING - GET-4 - DMR: stream_id=6, devices=[{'device_id': 'MEVKUJOZQV* ', 'keys': {'algorithms': [], 'device_id': 'alice_1', 'keys': {}, 'signatures': {}, 'user_id': '@alice:hs1'}}]

which came from

    async def on_federation_query_user_devices(self, user_id: str) -> JsonDict:
        stream_id, devices = await self.store.get_e2e_device_keys_for_federation_query(
            user_id
        )
        logger.warning(f"DMR: {stream_id=}, {devices=}")

The text was updated successfully, but these errors were encountered:

DMRobertson added P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. labels Jan 10, 2022

MadLittleMods added the z-cross-signing (Deprecated Label) label Jun 28, 2023

matrixbot mentioned this issue Dec 21, 2023

Synapse does not reject an attempt to upload keys for device A from device B element-hq/synapse#11720

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Synapse does not reject an attempt to upload keys for device A from device B #11720

Synapse does not reject an attempt to upload keys for device A from device B #11720

DMRobertson commented Jan 10, 2022

Synapse does not reject an attempt to upload keys for device A from device B #11720

Synapse does not reject an attempt to upload keys for device A from device B #11720

Comments

DMRobertson commented Jan 10, 2022