This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
We need to actually check the reference hashes on received events (SYN-185) #1252
Labels
Comments
|
Jira watchers: @NegativeMjark @ara4n |
|
Do you mean the reference hash rather than the content hash? Cause we check the content hash for events received over federation. |
|
The solution to this is matrix-org/matrix-spec-proposals#1127. |
|
this is fixed in room v3 and later by MSC1659 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We don't check that the hash in a reference in the prev_events, auth_events or prev_state actually matches the hash of the referenced event.
This means that the origin server of an event can change the contents if it update the hashes and signatures and synapse won't notice that the event doesn't match.
(Imported from https://matrix.org/jira/browse/SYN-185)
(Reported by @ara4n)
The text was updated successfully, but these errors were encountered: