dolysis
/
conduwuit
mirror of https://github.com/girlbossceo/conduwuit.git
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More sanity checks

This commit is contained in:
Timo Kösters 2023-08-10 11:45:31 +02:00
parent 183558150d
commit fd9e52a559
No known key found for this signature in database
GPG Key ID: 0B25E636FBA7E4CB
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/service/rooms/event_handler/mod.rs
View File

@ -119,6 +119,7 @@ impl Service {
let (incoming_pdu, val) = self let (incoming_pdu, val) = self
.handle_outlier_pdu(origin, &create_event, event_id, room_id, value, pub_key_map) .handle_outlier_pdu(origin, &create_event, event_id, room_id, value, pub_key_map)
.await?; .await?;
self.check_room_id(room_id, &incoming_pdu)?;
// 8. if not timeline event: stop // 8. if not timeline event: stop
if !is_timeline_event { if !is_timeline_event {
@ -338,6 +339,8 @@ impl Service {
) )
.map_err(|_| Error::bad_database("Event is not a valid PDU."))?; .map_err(|_| Error::bad_database("Event is not a valid PDU."))?;
self.check_room_id(room_id, &incoming_pdu)?;
// 4. fetch any missing auth events doing all checks listed here starting at 1. These are not timeline events // 4. fetch any missing auth events doing all checks listed here starting at 1. These are not timeline events
// 5. Reject "due to auth events" if can't get all the auth events or some of the auth events are also rejected "due to auth events" // 5. Reject "due to auth events" if can't get all the auth events or some of the auth events are also rejected "due to auth events"
// NOTE: Step 5 is not applied anymore because it failed too often // NOTE: Step 5 is not applied anymore because it failed too often
@ -373,6 +376,8 @@ impl Service {
} }
}; };
self.check_room_id(room_id, &auth_event)?;
match auth_events.entry(( match auth_events.entry((
auth_event.kind.to_string().into(), auth_event.kind.to_string().into(),
auth_event auth_event
@ -1178,6 +1183,8 @@ impl Service {
.await .await
.pop() .pop()
{ {
self.check_room_id(room_id, &pdu)?;
if amount > services().globals.max_fetch_prev_events() { if amount > services().globals.max_fetch_prev_events() {
// Max limit reached // Max limit reached
warn!("Max prev event limit reached!"); warn!("Max prev event limit reached!");
@ -1702,4 +1709,15 @@ impl Service {
"Failed to find public key for server", "Failed to find public key for server",
)) ))
} }
fn check_room_id(&self, room_id: &RoomId, pdu: &PduEvent) -> Result<()> {
if pdu.room_id != room_id {
warn!("Found event from room {} in room {}", pdu.room_id, room_id);
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Event has wrong room id",
));
}
Ok(())
}
} }