From b3b02b0de4cf9683413d706d2e35129985c51a31 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 29 Jan 2019 17:25:51 +0000 Subject: [PATCH 1/4] Reject large transactions on federation --- synapse/federation/federation_server.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 668161423205..753bff5078fd 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -148,6 +148,31 @@ def _handle_incoming_transaction(self, origin, transaction, request_time): logger.debug("[%s] Transaction is new", transaction.transaction_id) + # Reject if PDU count > 50 and EDU count > 100 + if (len(transaction.pdus) > 50 + or (hasattr(transaction, "edus") and len(transaction.edus) > 100) + ): + response = { + "pdus": {} + } + + for pdu_key in transaction["pdus"].keys(): + response["pdus"][pdu_key] = { + "error": "Processing failed. More than 50 PDUs or 100 EDUs sent." + } + + logger.debug( + "Transaction PDU or EDU count too large. Returning: %s", str(response) + ) + + yield self.transaction_actions.set_response( + origin, + transaction, + 400, response + ) + defer.returnValue((400, response)) + return + received_pdus_counter.inc(len(transaction.pdus)) origin_host, _ = parse_server_name(origin) From 1c68c3b691ff610d9db5c97f3d679867e7f464ea Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 29 Jan 2019 17:27:56 +0000 Subject: [PATCH 2/4] Add changelog --- changelog.d/4513.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/4513.misc diff --git a/changelog.d/4513.misc b/changelog.d/4513.misc new file mode 100644 index 000000000000..1f64a96465a2 --- /dev/null +++ b/changelog.d/4513.misc @@ -0,0 +1 @@ +Reject federation transactions if they include more than 50 PDUs or 100 EDUs. \ No newline at end of file From 523ccf5e2128880c4a2a0739d14b0c33f9255001 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 29 Jan 2019 17:54:50 +0000 Subject: [PATCH 3/4] lint --- synapse/federation/federation_server.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 753bff5078fd..5a8f3ec03eee 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -150,8 +150,7 @@ def _handle_incoming_transaction(self, origin, transaction, request_time): # Reject if PDU count > 50 and EDU count > 100 if (len(transaction.pdus) > 50 - or (hasattr(transaction, "edus") and len(transaction.edus) > 100) - ): + or (hasattr(transaction, "edus") and len(transaction.edus) > 100)): response = { "pdus": {} } From 405e95ab87f91224061fb2b37e68d9f44c27f38b Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 30 Jan 2019 10:46:23 +0000 Subject: [PATCH 4/4] Simplify large transaction handling --- synapse/federation/federation_server.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py index 5a8f3ec03eee..0493c39aabda 100644 --- a/synapse/federation/federation_server.py +++ b/synapse/federation/federation_server.py @@ -151,26 +151,18 @@ def _handle_incoming_transaction(self, origin, transaction, request_time): # Reject if PDU count > 50 and EDU count > 100 if (len(transaction.pdus) > 50 or (hasattr(transaction, "edus") and len(transaction.edus) > 100)): - response = { - "pdus": {} - } - - for pdu_key in transaction["pdus"].keys(): - response["pdus"][pdu_key] = { - "error": "Processing failed. More than 50 PDUs or 100 EDUs sent." - } - logger.debug( - "Transaction PDU or EDU count too large. Returning: %s", str(response) + logger.info( + "Transaction PDU or EDU count too large. Returning 400", ) + response = {} yield self.transaction_actions.set_response( origin, transaction, 400, response ) defer.returnValue((400, response)) - return received_pdus_counter.inc(len(transaction.pdus))