backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-23 02:31:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

validate event type and membership for create_join and create_invite

Browse source 
Both of these endpoints sign the received event so without the
validation a malicious server can use these endpoints to trick our
server into signing effectively arbitrary forged events from local
users.

Rebased from a continuwuity patch by nex. The create_join changes were
not present in the continuwuity version because these checks were
already present there.

Co-authored-by: Olivia Lee <olivia@computer.surgery>
This commit is contained in:
timedout 2025-12-20 21:35:18 -08:00 committed by Olivia Lee
parent c4abca1eb5
commit 9a50c2448a
2 changed files with 74 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
book/changelog.md
View file

@ -56,6 +56,9 @@ This will be the first release of Grapevine since it was forked from Conduit
7. Only allow the admin bot to change the room ID that the admin room alias
points to.
([!42](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/42))
8. Fix vulnerability that allows a malicious server to trick a grapevine server
into signing arbitrary forged events via the send_invite endpoint.
([!205](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/205))
### Removed