Configurable maximum number of events requested by /sync and /messages

[psaavedra]

Fixes: #2220

Some test done during this Saturday confirmed me a new attact vector for Matrix using the /sync (API). The vulnerability is on Matrix don't set an upper limit for the max number of events to request for a requested room, this allow the attacker generates huge SQL queries in the server which can degradate the service and lead a DDoS.

Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, means no upper limit.

For example, using filter_timeline_limit: 5000:

POST /_matrix/client/r0/user/user:id/filter
{
room: {
    timeline: {
      limit: 1000000000000000000
    }
}
}

GET /_matrix/client/r0/user/user:id/filter/filter:id

{
room: {
    timeline: {
      limit: 5000
    }
}
}

The server cuts down the room.timeline.limit.

Signed-off-by: Pablo Saavedra (psaavedra@igalia.com)

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[erikjohnston]

@matrixbot ok to test

[psaavedra]

Fixing errors. ...

[erikjohnston]

Style nit: We prefer to never use \ style new line continuations and instead use brackets.

e.g. something like:

if (
    'room' in filter_json
    and 'timeline' in filter_json['room']
    and 'limit' in filter_json['room']['timeline']
):
    ...

(This could also be written as:

timeline = filter_json.get('room', {}).get('timeline', {})
if 'limit' in timeline:
    ...

but I'm not sure if that's actually better in this case)

[erikjohnston]

Style nit: For multi line stuff we prefer the following style:

set_timeline_upper_limit(
    content,
    self.hs.config.filter_timeline_limit,
)

[erikjohnston]

Other than some style nits this looks good! If you could quickly fix those up then I'm happy to merge this

(Note to self: see if we can get pyflakes to complain about those things)

[psaavedra]

Updated according with the style suggestions.

…

On 15 May 2017 3:57 p.m., "Erik Johnston" ***@***.***> wrote: Other than some style nits this looks good! If you could quickly fix those up then I'm happy to merge this (Note to self: see if we can get pyflakes to complain about those things) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2221 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAXABl6ncFmnevPSW26wjyaJ1dELXh4kks5r6Fm6gaJpZM4NaHfr> .

[erikjohnston]

Thanks for this! Could you just quickly sign off as per CONTRIBUTING.rst please? Just as a comment/email here is fine. (Sorry for not spotting this before)

[psaavedra]

Signed-off-by: Pablo Saavedra psaavedra@igalia.com

[psaavedra]

My bad, I should include it in the first comment.

…

On 15 May 2017 4:56 p.m., "Erik Johnston" ***@***.***> wrote: Thanks for this! Could you just quickly sign off as per CONTRIBUTING.rst <https://github.com/matrix-org/synapse/blob/master/CONTRIBUTING.rst#sign-off> please? Just as a comment/email here is fine. (Sorry for not spotting this before) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2221 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAXABs6g9o28m8eBsf_GIBX1xWmuH5yTks5r6GelgaJpZM4NaHfr> .

[erikjohnston]

Thanks!