Improved validation for received requests (#9817)

* Simplify `start_listening` callpath * Correctly check the size of uploaded files
2025-05-03 21:54:49 -04:00 · 2021-04-23 19:20:44 +01:00 · 2021-04-23 19:20:44 +01:00 · 3ff2251754
commit 3ff2251754
parent 84936e2264
15 changed files with 174 additions and 31 deletions
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@ -21,7 +21,7 @@ from signedjson.key import decode_verify_key_bytes
 from signedjson.sign import SignatureVerifyException, verify_signed_json
 from unpaddedbase64 import decode_base64

-from synapse.api.constants import EventTypes, JoinRules, Membership
+from synapse.api.constants import MAX_PDU_SIZE, EventTypes, JoinRules, Membership
 from synapse.api.errors import AuthError, EventSizeError, SynapseError
 from synapse.api.room_versions import (
    KNOWN_ROOM_VERSIONS,
@ -205,7 +205,7 @@ def _check_size_limits(event: EventBase) -> None:
        too_big("type")
    if len(event.event_id) > 255:
        too_big("event_id")
-    if len(encode_canonical_json(event.get_pdu_json())) > 65536:
+    if len(encode_canonical_json(event.get_pdu_json())) > MAX_PDU_SIZE:
        too_big("event")