Use event origin for filtering incoming events

We only process events sent to us from a server if the event ID matches the server, to help guard against federation storms. We replace this with a check against the event origin.
2019-01-29 16:26:40 +00:00 · 2019-01-29 16:26:40 +00:00 · 8e3d34e3c5
parent 55d9024835
commit 8e3d34e3c5
1 changed files with 7 additions and 4 deletions
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@ -25,7 +25,7 @@ from twisted.internet import defer
 from twisted.internet.abstract import isIPAddress
 from twisted.python import failure

-from synapse.api.constants import EventTypes
+from synapse.api.constants import EventTypes, Membership
 from synapse.api.errors import (
    AuthError,
    FederationError,
@ -620,16 +620,19 @@ class FederationServer(FederationBase):
        """
        # check that it's actually being sent from a valid destination to
        # workaround bug #1753 in 0.18.5 and 0.18.6
-        if origin != get_domain_from_id(pdu.event_id):
+        if origin != get_domain_from_id(pdu.sender):
            # We continue to accept join events from any server; this is
            # necessary for the federation join dance to work correctly.
            # (When we join over federation, the "helper" server is
            # responsible for sending out the join event, rather than the
-            # origin. See bug #1893).
+            # origin. See bug #1893. This is also true for some third party
+            # invites).
            if not (
                pdu.type == 'm.room.member' and
                pdu.content and
-                pdu.content.get("membership", None) == 'join'
+                pdu.content.get("membership", None) in (
+                    Membership.JOIN, Membership.INVITE,
+                )
            ):
                logger.info(
                    "Discarding PDU %s from invalid origin %s",