Merge branch 'fixes' into 'next'

Avoid panic when client is confused about rooms See merge request famedly/conduit!588
2024-02-28 16:19:48 +00:00 · 2024-02-28 16:19:48 +00:00 · 99ab234f40
commit 99ab234f40
parent e83416bb5a d7fd89df49
4 changed files with 56 additions and 2 deletions
--- a/src/api/client_server/sync.rs
+++ b/src/api/client_server/sync.rs
@ -1476,6 +1476,9 @@ pub async fn sync_events_v4_route(

    let mut known_subscription_rooms = BTreeSet::new();
    for (room_id, room) in &body.room_subscriptions {
+        if !services().rooms.metadata.exists(room_id)? {
+            continue;
+        }
        let todo_room = todo_rooms
            .entry(room_id.clone())
            .or_insert((BTreeSet::new(), 0, u64::MAX));
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -1799,6 +1799,13 @@ pub async fn get_devices_route(
        return Err(Error::bad_config("Federation is disabled."));
    }

+    if body.user_id.server_name() != services().globals.server_name() {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
    let sender_servername = body
        .sender_servername
        .as_ref()
@ -1873,6 +1880,13 @@ pub async fn get_profile_information_route(
        return Err(Error::bad_config("Federation is disabled."));
    }

+    if body.user_id.server_name() != services().globals.server_name() {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
    let mut displayname = None;
    let mut avatar_url = None;
    let mut blurhash = None;
@ -1909,6 +1923,17 @@ pub async fn get_keys_route(body: Ruma<get_keys::v1::Request>) -> Result<get_key
        return Err(Error::bad_config("Federation is disabled."));
    }

+    if body
+        .device_keys
+        .iter()
+        .any(|(u, _)| u.server_name() != services().globals.server_name())
+    {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
    let result = get_keys_helper(None, &body.device_keys, |u| {
        Some(u.server_name()) == body.sender_servername.as_deref()
    })
@ -1931,6 +1956,17 @@ pub async fn claim_keys_route(
        return Err(Error::bad_config("Federation is disabled."));
    }

+    if body
+        .one_time_keys
+        .iter()
+        .any(|(u, _)| u.server_name() != services().globals.server_name())
+    {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
    let result = claim_keys_helper(&body.one_time_keys).await?;

    Ok(claim_keys::v1::Response {