From b1edf260519eeef06d264f75604994f905c8916a Mon Sep 17 00:00:00 2001
From: Luke Barnard <luke@matrix.org>
Date: Thu, 16 Nov 2017 17:54:27 +0000
Subject: [PATCH] Check group_id belongs to this domain

---
 synapse/appservice/__init__.py | 14 +++++++++++---
 synapse/config/appservice.py   |  1 +
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/synapse/appservice/__init__.py b/synapse/appservice/__init__.py
index 5c6c724fae..5be5120c91 100644
--- a/synapse/appservice/__init__.py
+++ b/synapse/appservice/__init__.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 from synapse.api.constants import EventTypes
 from synapse.util.caches.descriptors import cachedInlineCallbacks
+from synapse.types import GroupID, get_domain_from_id
 
 from twisted.internet import defer
 
@@ -83,12 +84,13 @@ class ApplicationService(object):
 
     GROUP_ID_REGEX = re.compile('\+.*:.+')
 
-    def __init__(self, token, url=None, namespaces=None, hs_token=None,
+    def __init__(self, token, hostname, url=None, namespaces=None, hs_token=None,
                  sender=None, id=None, protocols=None, rate_limited=True):
         self.token = token
         self.url = url
         self.hs_token = hs_token
         self.sender = sender
+        self.server_name = hostname
         self.namespaces = self._check_namespaces(namespaces)
         self.id = id
 
@@ -132,12 +134,18 @@ class ApplicationService(object):
                         raise ValueError(
                             "Expected string for 'group_id' in ns '%s'" % ns
                         )
-                    if not ApplicationService.GROUP_ID_REGEX.match(
-                            regex_obj.get("group_id")):
+                    try:
+                        GroupID.from_string(regex_obj.get("group_id"))
+                    except Exception:
                         raise ValueError(
                             "Expected valid group ID for 'group_id' in ns '%s'" % ns
                         )
 
+                    if get_domain_from_id(regex_obj.get("group_id")) != self.server_name:
+                        raise ValueError(
+                            "Expected string for 'group_id' to be for this host in ns '%s'" % ns
+                        )
+
                 regex = regex_obj.get("regex")
                 if isinstance(regex, basestring):
                     regex_obj["regex"] = re.compile(regex)  # Pre-compile regex
diff --git a/synapse/config/appservice.py b/synapse/config/appservice.py
index 82c50b8240..aba0aec6e8 100644
--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@@ -154,6 +154,7 @@ def _load_appservice(hostname, as_info, config_filename):
         )
     return ApplicationService(
         token=as_info["as_token"],
+        hostname=hostname,
         url=as_info["url"],
         namespaces=as_info["namespaces"],
         hs_token=as_info["hs_token"],