Improve signature checking on some federation APIs (#6262)

Make sure that we check that events sent over /send_join, /send_leave, and
/invite are correctly signed and come from the expected servers.
Richard van der Hoff 2019-10-28 12:43:23 +00:00 committed by GitHub
parent 87259b3a3a
commit 172f264ed3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 7 deletions


@ -1222,7 +1222,6 @@ class FederationHandler(BaseHandler):
Returns:
Deferred[FrozenEvent]
"""
if get_domain_from_id(user_id) != origin:
logger.info(
"Got /make_join request for user %r from different origin %s, ignoring",
@ -1280,11 +1279,20 @@ class FederationHandler(BaseHandler):
event = pdu
logger.debug(
"on_send_join_request: Got event: %s, signatures: %s",
"on_send_join_request from %s: Got event: %s, signatures: %s",
origin,
event.event_id,
event.signatures,
)
if get_domain_from_id(event.sender) != origin:
logger.info(
"Got /send_join request for user %r from different origin %s",
event.sender,
origin,
)
raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
event.internal_metadata.outlier = False
# Send this event on behalf of the origin server.
#
@ -1503,6 +1511,14 @@ class FederationHandler(BaseHandler):
event.signatures,
)
if get_domain_from_id(event.sender) != origin:
logger.info(
"Got /send_leave request for user %r from different origin %s",
event.sender,
origin,
)
raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
event.internal_metadata.outlier = False
context = yield self._handle_new_event(origin, event)
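Review bot: The new origin guard in the /send_join hunk (repeated in the /send_leave hunk) compares only `get_domain_from_id(event.sender)` with `origin`; nothing on the visible lines confirms that the event is an `m.room.member` event whose `state_key` is the user it claims to act for. That validation presumably happens in the auth rules reached through `_handle_new_event`, which is outside these hunks. If it is not enforced there, a check such as `if event.type != EventTypes.Member or event.state_key != event.sender:` in the join path, before `event.internal_metadata.outlier = False`, would make the endpoint's contract explicit. The two five-line guards differ only in the endpoint name in the log message and could share one private helper, so that a later fix cannot land in one path and miss the other. Both handler bodies start and end outside the hunks shown.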