From f423e9d0522c718f939956e287d8f41aecc111c1 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 12 Sep 2017 17:10:56 +0100
Subject: [PATCH] Add checks
---
 .../dendrite/federationapi/writers/threepid.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go b/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
index 772576f76..cbc30f432 100644
--- a/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
+++ b/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
@@ -109,6 +109,23 @@ func ExchangeThirdPartyInvite(
 }
 }
 
+ // Check that the state key is correct.
+ _, targetDomain, err := gomatrixserverlib.SplitID('@', *builder.StateKey)
+ if err != nil {
+ return util.JSONResponse{
+ Code: 400,
+ JSON: jsonerror.BadJSON("The event's state key isn't a Matrix user ID"),
+ }
+ }
+
+ // Check that the target user is from the requesting homeserver.
+ if targetDomain != request.Origin() {
+ return util.JSONResponse{
+ Code: 400,
+ JSON: jsonerror.BadJSON("The event's state key doesn't have the same domain as the request's origin"),
+ }
+ }
+
 // Auth and build the event from what the remote server sent us
 event, err := buildMembershipEvent(&builder, queryAPI, cfg)
 if err == errNotInRoom {
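Review bot: The new `gomatrixserverlib.SplitID('@', *builder.StateKey)` call dereferences `builder.StateKey` without a visible nil check, and the builder is filled from what the remote server sent. ExchangeThirdPartyInvite starts and ends outside this hunk, so an earlier guard may exist; if none does, a federation request whose event omits `state_key` would panic the handler instead of getting a 400. A guard just before the SplitID call would close that, for example `if builder.StateKey == nil { return util.JSONResponse{Code: 400, JSON: jsonerror.BadJSON("The event has no state key")} }`. A test that sends an event without a state key would pin the behaviour.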