Skip to content

Commit

Permalink
Merge tag 'v0.33.1'
Browse files Browse the repository at this point in the history
Synapse 0.33.1 (2018-08-02)
===========================

SECURITY FIXES
--------------

- Fix a potential issue where servers could request events for rooms they have not joined. (`matrix-org#3641 <https://github.com/matrix-org/synapse/issues/3641>`_)
- Fix a potential issue where users could see events in private rooms before they joined. (`matrix-org#3642 <https://github.com/matrix-org/synapse/issues/3642>`_)
  • Loading branch information
richvdh committed Aug 2, 2018
2 parents f7b133f + c2a8334 commit 43ecfe0
Show file tree
Hide file tree
Showing 9 changed files with 73 additions and 19 deletions.
10 changes: 10 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
@@ -1,3 +1,13 @@
Synapse 0.33.1 (2018-08-02)
===========================

SECURITY FIXES
--------------

- Fix a potential issue where servers could request events for rooms they have not joined. (`#3641 <https://github.com/matrix-org/synapse/issues/3641>`_)
- Fix a potential issue where users could see events in private rooms before they joined. (`#3642 <https://github.com/matrix-org/synapse/issues/3642>`_)


Synapse 0.33.0 (2018-07-19)
===========================

Expand Down
2 changes: 1 addition & 1 deletion synapse/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@
""" This is a reference implementation of a Matrix home server.
"""

__version__ = "0.33.0"
__version__ = "0.33.1"
1 change: 1 addition & 0 deletions synapse/federation/federation_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,7 @@ def on_query_auth_request(self, origin, content, room_id, event_id):
ret = yield self.handler.on_query_auth(
origin,
event_id,
room_id,
signed_auth,
content.get("rejects", []),
content.get("missing", []),
Expand Down
25 changes: 21 additions & 4 deletions synapse/handlers/events.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,12 @@
from twisted.internet import defer

from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import AuthError
from synapse.events import EventBase
from synapse.events.utils import serialize_event
from synapse.types import UserID
from synapse.util.logutils import log_function
from synapse.visibility import filter_events_for_client

from ._base import BaseHandler

Expand Down Expand Up @@ -129,11 +131,13 @@ def get_stream(self, auth_user_id, pagin_config, timeout=0,
class EventHandler(BaseHandler):

@defer.inlineCallbacks
def get_event(self, user, event_id):
def get_event(self, user, room_id, event_id):
"""Retrieve a single specified event.
Args:
user (synapse.types.UserID): The user requesting the event
room_id (str|None): The expected room id. We'll return None if the
event's room does not match.
event_id (str): The event ID to obtain.
Returns:
dict: An event, or None if there is no event matching this ID.
Expand All @@ -142,13 +146,26 @@ def get_event(self, user, event_id):
AuthError if the user does not have the rights to inspect this
event.
"""
event = yield self.store.get_event(event_id)
event = yield self.store.get_event(event_id, check_room_id=room_id)

if not event:
defer.returnValue(None)
return

if hasattr(event, "room_id"):
yield self.auth.check_joined_room(event.room_id, user.to_string())
users = yield self.store.get_users_in_room(event.room_id)
is_peeking = user.to_string() not in users

filtered = yield filter_events_for_client(
self.store,
user.to_string(),
[event],
is_peeking=is_peeking
)

if not filtered:
raise AuthError(
403,
"You don't have permission to access that event."
)

defer.returnValue(event)
29 changes: 23 additions & 6 deletions synapse/handlers/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -1349,6 +1349,11 @@ def on_send_leave_request(self, origin, pdu):
def get_state_for_pdu(self, room_id, event_id):
"""Returns the state at the event. i.e. not including said event.
"""

event = yield self.store.get_event(
event_id, allow_none=False, check_room_id=room_id,
)

state_groups = yield self.store.get_state_groups(
room_id, [event_id]
)
Expand All @@ -1359,8 +1364,7 @@ def get_state_for_pdu(self, room_id, event_id):
(e.type, e.state_key): e for e in state
}

event = yield self.store.get_event(event_id)
if event and event.is_state():
if event.is_state():
# Get previous state
if "replaces_state" in event.unsigned:
prev_id = event.unsigned["replaces_state"]
Expand Down Expand Up @@ -1391,6 +1395,10 @@ def get_state_for_pdu(self, room_id, event_id):
def get_state_ids_for_pdu(self, room_id, event_id):
"""Returns the state at the event. i.e. not including said event.
"""
event = yield self.store.get_event(
event_id, allow_none=False, check_room_id=room_id,
)

state_groups = yield self.store.get_state_groups_ids(
room_id, [event_id]
)
Expand All @@ -1399,8 +1407,7 @@ def get_state_ids_for_pdu(self, room_id, event_id):
_, state = state_groups.items().pop()
results = state

event = yield self.store.get_event(event_id)
if event and event.is_state():
if event.is_state():
# Get previous state
if "replaces_state" in event.unsigned:
prev_id = event.unsigned["replaces_state"]
Expand Down Expand Up @@ -1706,8 +1713,19 @@ def _prep_event(self, origin, event, state=None, auth_events=None):
defer.returnValue(context)

@defer.inlineCallbacks
def on_query_auth(self, origin, event_id, remote_auth_chain, rejects,
def on_query_auth(self, origin, event_id, room_id, remote_auth_chain, rejects,
missing):
in_room = yield self.auth.check_host_in_room(
room_id,
origin
)
if not in_room:
raise AuthError(403, "Host not in room.")

event = yield self.store.get_event(
event_id, allow_none=False, check_room_id=room_id
)

# Just go through and process each event in `remote_auth_chain`. We
# don't want to fall into the trap of `missing` being wrong.
for e in remote_auth_chain:
Expand All @@ -1717,7 +1735,6 @@ def on_query_auth(self, origin, event_id, remote_auth_chain, rejects,
pass

# Now get the current auth_chain for the event.
event = yield self.store.get_event(event_id)
local_auth_chain = yield self.store.get_auth_chain(
[auth_id for auth_id, _ in event.auth_events],
include_given=True
Expand Down
2 changes: 1 addition & 1 deletion synapse/rest/client/v1/events.py
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ def __init__(self, hs):
@defer.inlineCallbacks
def on_GET(self, request, event_id):
requester = yield self.auth.get_user_by_req(request)
event = yield self.event_handler.get_event(requester.user, event_id)
event = yield self.event_handler.get_event(requester.user, None, event_id)

time_now = self.clock.time_msec()
if event:
Expand Down
2 changes: 1 addition & 1 deletion synapse/rest/client/v1/room.py
Original file line number Diff line number Diff line change
Expand Up @@ -508,7 +508,7 @@ def __init__(self, hs):
@defer.inlineCallbacks
def on_GET(self, request, room_id, event_id):
requester = yield self.auth.get_user_by_req(request)
event = yield self.event_handler.get_event(requester.user, event_id)
event = yield self.event_handler.get_event(requester.user, room_id, event_id)

time_now = self.clock.time_msec()
if event:
Expand Down
1 change: 1 addition & 0 deletions synapse/storage/event_federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -343,6 +343,7 @@ def _get_backfill_events(self, txn, room_id, event_list, limit):
table="events",
keyvalues={
"event_id": event_id,
"room_id": room_id,
},
retcol="depth",
allow_none=True,
Expand Down
20 changes: 14 additions & 6 deletions synapse/storage/events_worker.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@

from twisted.internet import defer

from synapse.api.errors import SynapseError
from synapse.api.errors import NotFoundError
# these are only included to make the type annotations work
from synapse.events import EventBase # noqa: F401
from synapse.events import FrozenEvent
Expand Down Expand Up @@ -76,7 +76,7 @@ def get_received_ts(self, event_id):
@defer.inlineCallbacks
def get_event(self, event_id, check_redacted=True,
get_prev_content=False, allow_rejected=False,
allow_none=False):
allow_none=False, check_room_id=None):
"""Get an event from the database by event_id.
Args:
Expand All @@ -87,7 +87,9 @@ def get_event(self, event_id, check_redacted=True,
include the previous states content in the unsigned field.
allow_rejected (bool): If True return rejected events.
allow_none (bool): If True, return None if no event found, if
False throw an exception.
False throw a NotFoundError
check_room_id (str|None): if not None, check the room of the found event.
If there is a mismatch, behave as per allow_none.
Returns:
Deferred : A FrozenEvent.
Expand All @@ -99,10 +101,16 @@ def get_event(self, event_id, check_redacted=True,
allow_rejected=allow_rejected,
)

if not events and not allow_none:
raise SynapseError(404, "Could not find event %s" % (event_id,))
event = events[0] if events else None

defer.returnValue(events[0] if events else None)
if event is not None and check_room_id is not None:
if event.room_id != check_room_id:
event = None

if event is None and not allow_none:
raise NotFoundError("Could not find event %s" % (event_id,))

defer.returnValue(event)

@defer.inlineCallbacks
def get_events(self, event_ids, check_redacted=True,
Expand Down

0 comments on commit 43ecfe0

Please sign in to comment.