Merge pull request #4396 from matrix-org/matthew/bodge_device_update_dos

limit remote device lists to 10000 entries per user
2019-01-15 21:47:00 +00:00 · 2019-01-15 21:47:00 +00:00 · b43172ffbc
parent 892f6c98ec b4796d1814
commit b43172ffbc
1 changed files with 15 additions and 0 deletions
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@ -532,6 +532,21 @@ class DeviceListEduUpdater(object):

                stream_id = result["stream_id"]
                devices = result["devices"]
+
+                # If the remote server has more than ~1000 devices for this user
+                # we assume that something is going horribly wrong (e.g. a bot
+                # that logs in and creates a new device every time it tries to
+                # send a message).  Maintaining lots of devices per user in the
+                # cache can cause serious performance issues as if this request
+                # takes more than 60s to complete, internal replication from the
+                # inbound federation worker to the synapse master may time out
+                # causing the inbound federation to fail and causing the remote
+                # server to retry, causing a DoS.  So in this scenario we give
+                # up on storing the total list of devices and only handle the
+                # delta instead.
+                if len(devices) > 1000:
+                    devices = []
+
                yield self.store.update_remote_device_list_cache(
                    user_id, devices, stream_id,
                )