Use _check_sigs_and_hash_and_fetch to validate backfill requests (#8350)

This is a bit of a hack, as `_check_sigs_and_hash_and_fetch` is intended
for attempting to pull an event from the database/(re)pull it from the
server that originally sent the event if checking the signature of the
event fails.

During backfill we *know* that we won't have the event in our database,
however it is still useful to be able to query the original sending
server as the server we're backfilling from may be acting maliciously.

The main benefit and reason for this change however is that
`_check_sigs_and_hash_and_fetch` will drop an event during backfill if
it cannot be successfully validated, whereas the current code will
simply fail the backfill request - resulting in the client's /messages
request silently being dropped.

This is a quick patch to fix backfilling rooms that contain malformed
events. A better implementation in planned in future.
This commit is contained in:
Andrew Morgan 2020-09-18 14:51:11 +01:00 committed by GitHub
parent 5ffd68dca1
commit 27c1abc7b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 5 deletions

1
changelog.d/8350.bugfix Normal file
View File

@ -0,0 +1 @@
Partially mitigate bug where newly joined servers couldn't get past events in a room when there is a malformed event.

View File

@ -217,11 +217,9 @@ class FederationClient(FederationBase):
for p in transaction_data["pdus"] for p in transaction_data["pdus"]
] ]
# FIXME: We should handle signature failures more gracefully. # Check signatures and hash of pdus, removing any from the list that fail checks
pdus[:] = await make_deferred_yieldable( pdus[:] = await self._check_sigs_and_hash_and_fetch(
defer.gatherResults( dest, pdus, outlier=True, room_version=room_version
self._check_sigs_and_hashes(room_version, pdus), consumeErrors=True,
).addErrback(unwrapFirstError)
) )
return pdus return pdus