mirror of https://mau.dev/maunium/synapse.git synced 2025-03-15 19:00:04 +01:00

Ensure that we reject events which use rejected events for auth ()

When we consider whether to accept events, we should not accept those which
depend on rejected events for their auth events.

This (together with earlier changes such as
https://github.com/matrix-org/synapse/pull/10771 and
https://github.com/matrix-org/synapse/pull/10896) forms a partial fix to
https://github.com/matrix-org/synapse/issues/9595. There still remain code
paths where we do not check the `auth_events` at all.
Richard van der Hoff 2021-10-05 13:23:29 +01:00 committed by GitHub
parent 787af4a106
commit 3a5b0cbe7a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
changelog.d
synapse

changelog.d/10956.bugfix Normal file

@ -0,0 +1 @@
Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state.

@ -155,6 +155,12 @@ def check_auth_rules_for_event(
"which is in room %s" "which is in room %s"
% (event.event_id, room_id, auth_event.event_id, auth_event.room_id), % (event.event_id, room_id, auth_event.event_id, auth_event.room_id),
) )
if auth_event.rejected_reason:
raise AuthError(
403,
"During auth for event %s: found rejected event %s in the state"
% (event.event_id, auth_event.event_id),
)
# Implementation of https://matrix.org/docs/spec/rooms/v1#authorization-rules # Implementation of https://matrix.org/docs/spec/rooms/v1#authorization-rules
# #
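
Review bot: the new `if auth_event.rejected_reason:` branch comes with no test; this commit changes only the changelog entry and one file under synapse. A unit test that hands check_auth_rules_for_event an auth event with a rejected_reason set and asserts the 403 AuthError would pin the behaviour, which matters because the commit message says other code paths still skip the `auth_events` check. The condition is also a truthiness test, so an empty-string reason would be treated as not rejected; if that value can occur, compare with `is not None` instead. Finally, the message reports the rejected event as found "in the state", while the object being checked is `auth_event`; wording such as "in the auth events" would be easier to interpret in logs.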