From 6515b9c0d4ea5a084700951d46b1a299b90d70a6 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Sat, 7 Jan 2017 02:52:37 +0000 Subject: [PATCH 1/3] changelog --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 3db747df38..da42327903 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,8 @@ Bug fixes: * Fix error in #PR 1764 to actually fix the nightmare #1753 bug. * Improve deadlock logging further +* Discard inbound federation traffic from invalid domains, to immunise + against #1753 Changes in synapse v0.18.6 (2017-01-06) ======================================= From 4304e7e5939957764b2cb62f4d90dd6eae8b44fb Mon Sep 17 00:00:00 2001 From: Matthew Date: Sat, 7 Jan 2017 03:44:11 +0000 Subject: [PATCH 2/3] do the discard check in the right place to avoid grabbing dependent events --- synapse/federation/federation_server.py | 40 ++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 5f6e6cbb42..1fee4e83a6 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -144,6 +144,26 @@ class FederationServer(FederationBase): results = [] for pdu in pdu_list: + # check that it's actually being sent from a valid destination to + # workaround bug #1753 in 0.18.5 and 0.18.6 + if transaction.origin != get_domain_from_id(pdu.event_id): + if not ( + pdu.type == 'm.room.member' and + pdu.content and + pdu.content.get("membership", None) == 'join' and + self.hs.is_mine_id(pdu.state_key) + ): + logger.info( + "Discarding PDU %s from invalid origin %s", + pdu.event_id, transaction.origin + ) + continue + else: + logger.info( + "Accepting join PDU %s from %s", + pdu.event_id, transaction.origin + ) + try: yield self._handle_new_pdu(transaction.origin, pdu) results.append({}) @@ -477,26 +497,6 @@ class FederationServer(FederationBase): @log_function def _handle_new_pdu(self, origin, pdu, get_missing=True): - # check that it's actually being sent from a valid destination to - # workaround bug #1753 in 0.18.5 and 0.18.6 - if origin != get_domain_from_id(pdu.event_id): - if not ( - pdu.type == 'm.room.member' and - pdu.content and - pdu.content.get("membership", None) == 'join' and - self.hs.is_mine_id(pdu.state_key) - ): - logger.info( - "Discarding PDU %s from invalid origin %s", - pdu.event_id, origin - ) - return - else: - logger.info( - "Accepting join PDU %s from %s", - pdu.event_id, origin - ) - # We reprocess pdus when we have seen them only as outliers existing = yield self._get_persisted_pdu( origin, pdu.event_id, do_auth=False From f0e4bac64e8a4eff8132afcfc8406ce5fac11369 Mon Sep 17 00:00:00 2001 From: Matthew Date: Sat, 7 Jan 2017 03:45:38 +0000 Subject: [PATCH 3/3] bump changelog & version --- CHANGES.rst | 8 ++++++++ synapse/__init__.py | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index da42327903..3fb3197ace 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,3 +1,11 @@ +Changes in synapse v0.18.7-rc2 (2017-01-07) +=========================================== + +Bug fixes: + +* Fix error in rc1's discarding invalid inbound traffic logic that was + incorrectly discarding missing events + Changes in synapse v0.18.7-rc1 (2017-01-06) =========================================== diff --git a/synapse/__init__.py b/synapse/__init__.py index 91e3a2c2e0..cb332279df 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -16,4 +16,4 @@ """ This is a reference implementation of a Matrix home server. """ -__version__ = "0.18.7-rc1" +__version__ = "0.18.7-rc2"