Apply some limits to depth to counter abuse

* When creating a new event, cap its depth to 2^63 - 1 * When receiving events, reject any without a sensible depth As per https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
2024-06-16 01:28:32 +02:00 · 2018-05-01 16:19:39 +01:00 · 2018-05-01 16:19:39 +01:00 · 33f469ba19
parent 28dd536e80
commit 33f469ba19
3 changed files with 26 additions and 4 deletions
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -16,6 +16,9 @@

 """Contains constants from the specification."""

+# the "depth" field on events is limited to 2**63 - 1
+MAX_DEPTH = 2**63 - 1
+

 class Membership(object):

--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@ -14,7 +14,10 @@
 # limitations under the License.
 import logging

-from synapse.api.errors import SynapseError
+import six
+
+from synapse.api.constants import MAX_DEPTH
+from synapse.api.errors import SynapseError, Codes
 from synapse.crypto.event_signing import check_event_content_hash
 from synapse.events import FrozenEvent
 from synapse.events.utils import prune_event
@ -190,11 +193,23 @@ def event_from_pdu_json(pdu_json, outlier=False):
        FrozenEvent

    Raises:
-        SynapseError: if the pdu is missing required fields
+        SynapseError: if the pdu is missing required fields or is otherwise
+            not a valid matrix event
    """
    # we could probably enforce a bunch of other fields here (room_id, sender,
    # origin, etc etc)
-    assert_params_in_request(pdu_json, ('event_id', 'type'))
+    assert_params_in_request(pdu_json, ('event_id', 'type', 'depth'))
+
+    depth = pdu_json['depth']
+    if not isinstance(depth, six.integer_types):
+        raise SynapseError(400, "Depth %r not an intger" % (depth, ),
+                           Codes.BAD_JSON)
+
+    if depth < 0:
+        raise SynapseError(400, "Depth too small", Codes.BAD_JSON)
+    elif depth > MAX_DEPTH:
+        raise SynapseError(400, "Depth too large", Codes.BAD_JSON)
+
    event = FrozenEvent(
        pdu_json
    )
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@ -16,7 +16,7 @@
 from twisted.internet import defer, reactor
 from twisted.python.failure import Failure

-from synapse.api.constants import EventTypes, Membership
+from synapse.api.constants import EventTypes, Membership, MAX_DEPTH
 from synapse.api.errors import AuthError, Codes, SynapseError
 from synapse.crypto.event_signing import add_hashes_and_signatures
 from synapse.events.utils import serialize_event
@ -624,6 +624,10 @@ class EventCreationHandler(object):

        if prev_events_and_hashes:
            depth = max([d for _, _, d in prev_events_and_hashes]) + 1
+            # we cap depth of generated events, to ensure that they are not
+            # rejected by other servers (and so that they can be persisted in
+            # the db)
+            depth = min(depth, MAX_DEPTH)
        else:
            depth = 1