Check the room_id of events when fetching room state/auth (#6524)

When we request the state/auth_events to populate a backwards extremity (on
backfill or in the case of missing events in a transaction push), we should
check that the returned events are in the right room rather than blindly using
them in the room state or auth chain.

Given that _get_events_from_store_or_dest takes a room_id, it seems clear that
it should be sanity-checking the room_id of the requested events, so let's do
it there.

This commit is contained in:
Richard van der Hoff 2019-12-12 12:57:45 +00:00 committed by Richard van der Hoff
parent 20d5ba16e6
commit 35bbe4ca79
2 changed files with 58 additions and 26 deletions

2
changelog.d/6524.misc Normal file
View File

@ -0,0 +1,2 @@
Improve sanity-checking when receiving events over federation.

View File

@ -571,7 +571,9 @@ class FederationHandler(BaseHandler):
@defer.inlineCallbacks @defer.inlineCallbacks
@log_function @log_function
def _get_state_for_room(self, destination, room_id, event_id, include_event_in_state): def _get_state_for_room(
self, destination, room_id, event_id, include_event_in_state
):
"""Requests all of the room state at a given event from a remote homeserver. """Requests all of the room state at a given event from a remote homeserver.
Args: Args:
@ -635,6 +637,10 @@ class FederationHandler(BaseHandler):
room_id (str) room_id (str)
event_ids (Iterable[str]) event_ids (Iterable[str])
If we fail to fetch any of the events, a warning will be logged, and the event
will be omitted from the result. Likewise, any events which turn out not to
be in the given room.
Returns: Returns:
Deferred[dict[str, EventBase]]: A deferred resolving to a map Deferred[dict[str, EventBase]]: A deferred resolving to a map
from event_id to event from event_id to event
@ -643,35 +649,59 @@ class FederationHandler(BaseHandler):
missing_events = set(event_ids) - fetched_events.keys() missing_events = set(event_ids) - fetched_events.keys()
if not missing_events: if missing_events:
return fetched_events logger.debug(
"Fetching unknown state/auth events %s for room %s",
missing_events,
room_id,
)
logger.debug( room_version = yield self.store.get_room_version(room_id)
"Fetching unknown state/auth events %s for room %s",
missing_events, # XXX 20 requests at once? really?
event_ids, for batch in batch_iter(missing_events, 20):
deferreds = [
run_in_background(
self.federation_client.get_pdu,
destinations=[destination],
event_id=e_id,
room_version=room_version,
)
for e_id in batch
]
res = yield make_deferred_yieldable(
defer.DeferredList(deferreds, consumeErrors=True)
)
for success, result in res:
if success and result:
fetched_events[result.event_id] = result
# check for events which were in the wrong room.
#
# this can happen if a remote server claims that the state or
# auth_events at an event in room A are actually events in room B
bad_events = list(
(event_id, event.room_id)
for event_id, event in fetched_events.items()
if event.room_id != room_id
) )
room_version = yield self.store.get_room_version(room_id) for bad_event_id, bad_room_id in bad_events:
# This is a bogus situation, but since we may only discover it a long time
# XXX 20 requests at once? really? # after it happened, we try our best to carry on, by just omitting the
for batch in batch_iter(missing_events, 20): # bad events from the returned auth/state set.
deferreds = [ logger.warning(
run_in_background( "Remote server %s claims event %s in room %s is an auth/state "
self.federation_client.get_pdu, "event in room %s",
destinations=[destination], destination,
event_id=e_id, bad_event_id,
room_version=room_version, bad_room_id,
) room_id,
for e_id in batch
]
res = yield make_deferred_yieldable(
defer.DeferredList(deferreds, consumeErrors=True)
) )
for success, result in res: del fetched_events[bad_event_id]
if success and result:
fetched_events[result.event_id] = result
return fetched_events return fetched_events