Merge pull request #5801 from matrix-org/erikj/recursive_tombstone

Don't allow clients to send tombstones that reference the same room
pull/5810/head
Erik Johnston 2019-08-01 13:45:35 +01:00 committed by GitHub
commit 0b36decfb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions

1
changelog.d/5801.misc Normal file
View File

@ -0,0 +1 @@
Don't allow clients to send tombstone events that reference the room it's sent in.

View File

@ -106,6 +106,15 @@ class EventValidator(object):
if event.content["membership"] not in Membership.LIST: if event.content["membership"] not in Membership.LIST:
raise SynapseError(400, "Invalid membership key") raise SynapseError(400, "Invalid membership key")
elif event.type == EventTypes.Tombstone:
if "replacement_room" not in event.content:
raise SynapseError(400, "Content has no replacement_room key")
if event.content["replacement_room"] == event.room_id:
raise SynapseError(
400, "Tombstone cannot reference the room it was sent in"
)
def _ensure_strings(self, d, keys): def _ensure_strings(self, d, keys):
for s in keys: for s in keys:
if s not in d: if s not in d: