forked from MirrorHub/synapse
Ensure that we reject events which use rejected events for auth (#10956)
When we consider whether to accept events, we should not accept those which depend on rejected events for their auth events. This (together with earlier changes such as https://github.com/matrix-org/synapse/pull/10771 and https://github.com/matrix-org/synapse/pull/10896) forms a partial fix to https://github.com/matrix-org/synapse/issues/9595. There still remain code paths where we do not check the `auth_events` at all.
This commit is contained in:
parent
787af4a106
commit
3a5b0cbe7a
2 changed files with 7 additions and 0 deletions
1
changelog.d/10956.bugfix
Normal file
1
changelog.d/10956.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state.
|
|
@ -155,6 +155,12 @@ def check_auth_rules_for_event(
|
||||||
"which is in room %s"
|
"which is in room %s"
|
||||||
% (event.event_id, room_id, auth_event.event_id, auth_event.room_id),
|
% (event.event_id, room_id, auth_event.event_id, auth_event.room_id),
|
||||||
)
|
)
|
||||||
|
if auth_event.rejected_reason:
|
||||||
|
raise AuthError(
|
||||||
|
403,
|
||||||
|
"During auth for event %s: found rejected event %s in the state"
|
||||||
|
% (event.event_id, auth_event.event_id),
|
||||||
|
)
|
||||||
|
|
||||||
# Implementation of https://matrix.org/docs/spec/rooms/v1#authorization-rules
|
# Implementation of https://matrix.org/docs/spec/rooms/v1#authorization-rules
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in a new issue