This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Sanity-check room ids in event auth #6530

Merged
merged 1 commit into from
Dec 13, 2019

@richvdh richvdh commented Dec 12, 2019

When we do an event auth operation, check that all of the events involved are
in the right room.

@richvdh richvdh requested a review from a team December 12, 2019 12:31
# sanity-check it
for auth_event in auth_events.values():
if auth_event.room_id != room_id:
raise Exception(
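Review bot: The `raise Exception(` inside the `auth_event.room_id != room_id` branch uses the generic exception type, so a caller cannot distinguish a cross-room auth event from any other failure without matching on the message text. Consider a dedicated exception class for this check, and have the message name the offending auth event and both room ids so the resulting log entry can be traced back to its source.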
Member

Do we want to 500 or 403?

Member Author

Given that I think the problem has happened somewhere else if we get this far, I think a 500 is more appropriate. Consider it as an assertion.

Tbh I think that our habit of trying to decide what HTTP error codes we should return in the depths of utility functions is an anti-pattern.

Member

Fair

@richvdh richvdh merged commit 971a070 into develop Dec 13, 2019
@richvdh richvdh deleted the rav/event_auth/18 branch December 13, 2019 11:44
richvdh added a commit that referenced this pull request Dec 16, 2019
When we do an event auth operation, check that all of the events involved are
in the right room.
richvdh added a commit that referenced this pull request Dec 18, 2019
Synapse 1.7.1 (2019-12-18)
==========================

This release includes several security fixes as well as a fix to a bug exposed by the security fixes. Administrators are encouraged to upgrade as soon as possible.

Security updates
----------------

- Fix a bug which could cause room events to be incorrectly authorized using events from a different room. ([\#6501](#6501), [\#6503](#6503), [\#6521](#6521), [\#6524](#6524), [\#6530](#6530), [\#6531](#6531))
- Fix a bug causing responses to the `/context` client endpoint to not use the pruned version of the event. ([\#6553](#6553))
- Fix a cause of state resets in room versions 2 onwards. ([\#6556](#6556), [\#6560](#6560))

Bugfixes
--------

- Fix a bug which could cause the federation server to incorrectly return errors when handling certain obscure event graphs. ([\#6526](#6526), [\#6527](#6527))
babolivier pushed a commit that referenced this pull request Sep 1, 2021
* commit '971a0702b':
  Sanity-check room ids in event auth (#6530)
babolivier pushed a commit that referenced this pull request Sep 1, 2021
* commit '6577f2d88':
  Sanity-check room ids in event auth (#6530)