Fix an issue with ignoring power_level changes on divergent graphs

Changes to m.room.power_levels events are supposed to be handled at a high priority; however a typo meant that the relevant bit of code was never executed, so they were handled just like any other state change - which meant that a bad person could cause room state changes by forking the graph from a point in history when they were allowed to do so.
2025-05-02 21:44:52 -04:00 · 2015-11-12 13:10:25 +00:00 · 2015-11-12 13:10:25 +00:00 · 78f6010207
commit 78f6010207
parent 06bfd0a3c0
2 changed files with 104 additions and 5 deletions
--- a/synapse/state.py
+++ b/synapse/state.py
@ -307,19 +307,23 @@ class StateHandler(object):

        We resolve conflicts in the following order:
            1. power levels
-            2. memberships
-            3. other events.
+            2. join rules
+            3. memberships
+            4. other events.
        """
        resolved_state = {}
        power_key = (EventTypes.PowerLevels, "")
-        if power_key in conflicted_state.items():
-            power_levels = conflicted_state[power_key]
-            resolved_state[power_key] = self._resolve_auth_events(power_levels)
+        if power_key in conflicted_state:
+            events = conflicted_state[power_key]
+            logger.debug("Resolving conflicted power levels %r", events)
+            resolved_state[power_key] = self._resolve_auth_events(
+                events, auth_events)

        auth_events.update(resolved_state)

        for key, events in conflicted_state.items():
            if key[0] == EventTypes.JoinRules:
+                logger.debug("Resolving conflicted join rules %r", events)
                resolved_state[key] = self._resolve_auth_events(
                    events,
                    auth_events
@ -329,6 +333,7 @@ class StateHandler(object):

        for key, events in conflicted_state.items():
            if key[0] == EventTypes.Member:
+                logger.debug("Resolving conflicted member lists %r", events)
                resolved_state[key] = self._resolve_auth_events(
                    events,
                    auth_events
@ -338,6 +343,7 @@ class StateHandler(object):

        for key, events in conflicted_state.items():
            if key not in resolved_state:
+                logger.debug("Resolving conflicted state %r:%r", key, events)
                resolved_state[key] = self._resolve_normal_events(
                    events, auth_events
                )