Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

power_level event lack of validation of numeric input #9267

Closed
grinapo opened this issue Jan 30, 2021 · 1 comment
Closed

power_level event lack of validation of numeric input #9267

grinapo opened this issue Jan 30, 2021 · 1 comment

Comments

@grinapo
Copy link

grinapo commented Jan 30, 2021

Description

This event was accepted and federated:

 { ...
  "state_key": "",
  "type": "m.room.power_levels",
   "users": {
      "@2016:grin.hu": 8,
      "@2038:grin.hu": "8",
      "@2048:grin.hu": 8,
      "@2069:grin.hu": 8,
   ...

Accepting string in numerical position causes completely random behaviour, users may or may not be send any kind of events to the room.

May be related to #8445 in general?

Steps to reproduce

Send an invalid power_level event. Random users can't send messages anymore.

Version information

  • Homeserver: v1.25.0-1, non E debian package
@richvdh
Copy link
Member

richvdh commented Jan 30, 2021

dup #1237

@richvdh richvdh closed this as completed Jan 30, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@grinapo @richvdh