Merge pull request #1594 from matrix-org/erikj/limit_auth_events

Reject events with superfluous auth_events entries
pull/977/head
Erik Johnston 6 years ago committed by GitHub
commit 6235c2e720
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -308,6 +308,8 @@ creating a new event in this room should populate the new event's
|
E4
.. _`auth events selection`:
The ``auth_events`` field of a PDU identifies the set of events which give the
sender permission to send the event. The ``auth_events`` for the
``m.room.create`` event in a room is empty; for other events, it should be the
@ -380,6 +382,12 @@ The rules are as follows:
d. If ``content`` has no ``creator`` field, reject.
e. Otherwise, allow.
#. Reject if event has ``auth_events`` that:
a. have duplicate entries for a given ``type`` and ``state_key`` pair
#. have entries whose ``type`` and ``state_key`` don't match those
specified by the `auth events selection`_ algorithm described above.
#. If event does not have a ``m.room.create`` in its ``auth_events``, reject.
#. If type is ``m.room.aliases``:

Loading…
Cancel
Save