This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Event auth rules are not correctly followed #6643

@richvdh

As per #6605 (comment):

Different code paths use different values of auth_events when performing event auth: some use a locally-calculated set of events, whereas others use the auth events provided by the event itself.

The spec says:

The receiving server must ensure that the event:
...

  • Passes authorization rules based on the event's auth events, otherwise it is rejected.
  • Passes authorization rules based on the state at the event, otherwise it is rejected.

This is not happening correctly, which allows malformed events into the state of the room.
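
The two checks quoted above, sketched in Python as an added example (not part of the original issue and not Synapse's code). The rule set is a simplified assumption covering only membership and power levels; `passes_auth`, `check_event` and the sample data are hypothetical.

```python
# Added illustration: a simplified model of the two checks, not Synapse's code.
from typing import Dict, Tuple

StateMap = Dict[Tuple[str, str], dict]  # (event type, state_key) -> event


def passes_auth(event: dict, auth_state: StateMap) -> bool:
    """Toy rule set (assumption): sender is joined and has enough power."""
    member = auth_state.get(("m.room.member", event["sender"]))
    if member is None or member["content"].get("membership") != "join":
        return False
    pl_event = auth_state.get(("m.room.power_levels", ""))
    pl = pl_event["content"] if pl_event else {}
    level = pl.get("users", {}).get(event["sender"], pl.get("users_default", 0))
    if "state_key" in event:
        default_required = pl.get("state_default", 50)
    else:
        default_required = pl.get("events_default", 0)
    return level >= pl.get("events", {}).get(event["type"], default_required)


def check_event(event: dict, claimed: StateMap, state_at_event: StateMap) -> str:
    """Run both checks from the quoted spec text; either failure rejects."""
    if not passes_auth(event, claimed):
        return "rejected: auth events"
    if not passes_auth(event, state_at_event):
        return "rejected: state at event"
    return "accepted"


def _state(user: str, level: int) -> StateMap:
    """Build a constructed two-event state map for the sample below."""
    return {
        ("m.room.member", user): {"content": {"membership": "join"}},
        ("m.room.power_levels", ""): {"content": {"users": {user: level}}},
    }


# Constructed sample: the two sets disagree about the sender's power level.
USER = "@user:example.org"
CLAIMED = _state(USER, 100)          # auth events named by the event itself
STATE_AT_EVENT = _state(USER, 0)     # state the receiving server calculated
EVENT = {"type": "m.room.name", "state_key": "", "sender": USER,
         "content": {"name": "sample"}}

if __name__ == "__main__":
    print(check_event(EVENT, CLAIMED, CLAIMED))          # one set only
    print(check_event(EVENT, CLAIMED, STATE_AT_EVENT))   # both sets
```

A code path that consults only one of the two sets reaches a different verdict from one that consults both, which is the inconsistency the issue describes.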

Labels

  • A-Spec-Compliance: places where synapse does not conform to the spec
  • T-Enhancement: New features, changes in functionality, improvements in performance, or user-facing enhancements.
  • z-bug: (Deprecated Label)