mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-05-02 21:24:51 -04:00
Apply some limits to depth to counter abuse
* When creating a new event, cap its depth to 2^63 - 1 * When receiving events, reject any without a sensible depth As per https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
This commit is contained in:
Richard van der Hoff
parent
28dd536e80
commit
33f469ba19
3 changed files with 26 additions and 4 deletions
|
|
@ -16,7 +16,7 @@
|
|||
from twisted.internet import defer, reactor
|
||||
from twisted.python.failure import Failure
|
||||
|
||||
from synapse.api.constants import EventTypes, Membership
|
||||
from synapse.api.constants import EventTypes, Membership, MAX_DEPTH
|
||||
from synapse.api.errors import AuthError, Codes, SynapseError
|
||||
from synapse.crypto.event_signing import add_hashes_and_signatures
|
||||
from synapse.events.utils import serialize_event
|
||||
|
|
@ -624,6 +624,10 @@ class EventCreationHandler(object):
|
|||
|
||||
if prev_events_and_hashes:
|
||||
depth = max([d for _, _, d in prev_events_and_hashes]) + 1
|
||||
# we cap depth of generated events, to ensure that they are not
|
||||
# rejected by other servers (and so that they can be persisted in
|
||||
# the db)
|
||||
depth = min(depth, MAX_DEPTH)
|
||||
else:
|
||||
depth = 1
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue