Reject single faulty event instead of the whole room state #59
Comments
Is this actually the intended behaviour? Does the spec say that we should drop and continue joining?
I don't think the spec is clear on it. This ties into the bigger question of "what should we do if we find an event whose signature we can't verify (possibly because we can't find the signing key)". IMHO failing the join would make joins rather brittle, but it's not obvious. Relatedly, we broke this in synapse recently (matrix-org/synapse#6978), and it turned out that nobody could join a whole bunch of rooms until we fixed it.
I guess from an attack vector perspective it makes sense not to block the join, else malicious actors could withhold their signing key for example and cause chaos. In scenarios where failing to get the key is transient, and the events are real and should be included.... I dunno what we should do there.
We reject individual faulty events now.
Joining Matrix HQ with Dendrite is currently impossible because of a badly constructed event. In this case, gomatrixserverlib rejects the whole state, aborts the room join and logs the following error:
The JSON of the corresponding event is:
Here, gomatrixserverlib should reject this single event instead and go on with the room join.
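The per-event handling this issue asks for, sketched as an added example (not gomatrixserverlib's code): each state event's Ed25519 signature is checked on its own, and an event with a bad signature or an unavailable signing key is recorded and skipped while the rest are kept. The `Event` type, `FilterState`, `SampleState` and the sample server names are hypothetical, and `Payload` stands in for the canonical JSON that real Matrix events sign.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Event is a hypothetical, simplified signed state event (assumption, not a library type).
type Event struct {
	ID, Origin   string
	Payload, Sig []byte
}

var ErrNoKey = errors.New("signing key unavailable")
var ErrBadSig = errors.New("signature verification failed")

// FilterState checks every event on its own. A failure is recorded against that
// event's ID and the loop continues, so one faulty event cannot abort the join.
func FilterState(events []Event, keys map[string]ed25519.PublicKey) ([]Event, map[string]error) {
	var accepted []Event
	rejected := map[string]error{}
	for _, ev := range events {
		key, found := keys[ev.Origin]
		switch {
		case !found || len(key) != ed25519.PublicKeySize: // Verify panics on a wrong-size key
			rejected[ev.ID] = ErrNoKey
		case !ed25519.Verify(key, ev.Payload, ev.Sig):
			rejected[ev.ID] = ErrBadSig
		default:
			accepted = append(accepted, ev)
		}
	}
	return accepted, rejected
}

// SampleState returns constructed data: one valid event, one altered after
// signing, and one from a server whose key is not in the key map.
func SampleState() ([]Event, map[string]ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed seed, sample only
	sign := func(id, origin, body string) Event {
		return Event{ID: id, Origin: origin, Payload: []byte(body), Sig: ed25519.Sign(priv, []byte(body))}
	}
	good, tampered, orphan := sign("$1", "a.example", "create"), sign("$2", "a.example", "member"), sign("$3", "b.example", "name")
	tampered.Payload = []byte("member-altered")
	return []Event{good, tampered, orphan}, map[string]ed25519.PublicKey{"a.example": priv.Public().(ed25519.PublicKey)}
}

func main() { fmt.Println(FilterState(SampleState())) }
```

Keeping the reason per event ID lets the caller log which events were dropped and, for `ErrNoKey`, retry the key fetch later instead of treating a transient failure as permanent.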