From 6f12b8f85c6e244b026df8016e60315e99603d9d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 14 Oct 2020 16:49:25 +0100 Subject: [PATCH] Ignore typing events where sender doesn't match origin (#1523) * Ignore typing notifications where the sender doesn't match the origin * Update sytest-whitelist * Fix formatting directives --- federationapi/routing/send.go | 9 +++++++++ sytest-whitelist | 1 + 2 files changed, 10 insertions(+) diff --git a/federationapi/routing/send.go b/federationapi/routing/send.go index fa2a7bbb6..611a90a7c 100644 --- a/federationapi/routing/send.go +++ b/federationapi/routing/send.go @@ -289,6 +289,15 @@ func (t *txnReq) processEDUs(ctx context.Context) { util.GetLogger(ctx).WithError(err).Error("Failed to unmarshal typing event") continue } + _, domain, err := gomatrixserverlib.SplitID('@', typingPayload.UserID) + if err != nil { + util.GetLogger(ctx).WithError(err).Error("Failed to split domain from typing event sender") + continue + } + if domain != t.Origin { + util.GetLogger(ctx).Warnf("Dropping typing event where sender domain (%q) doesn't match origin (%q)", domain, t.Origin) + continue + } if err := eduserverAPI.SendTyping(ctx, t.eduAPI, typingPayload.UserID, typingPayload.RoomID, typingPayload.Typing, 30*1000); err != nil { util.GetLogger(ctx).WithError(err).Error("Failed to send typing event to edu server") } diff --git a/sytest-whitelist b/sytest-whitelist index f4fb993af..2ba0a88b2 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -483,3 +483,4 @@ POST rejects invalid utf-8 in JSON Users cannot kick users who have already left a room A prev_batch token from incremental sync can be used in the v1 messages API Event with an invalid signature in the send_join response should not cause room join to fail +Inbound federation rejects typing notifications from wrong remote