From bd91857028e0b7adf046a379a0eee030a92c1249 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Sat, 30 Dec 2017 18:40:19 +0000
Subject: [PATCH] Check missing fields in event_from_pdu_json

Return a 400 rather than a 500 when somebody messes up their send_join
---
 synapse/federation/federation_base.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py
index 6476cea895..7918d3e442 100644
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -18,6 +18,7 @@ from synapse.api.errors import SynapseError
 from synapse.crypto.event_signing import check_event_content_hash
 from synapse.events import FrozenEvent
 from synapse.events.utils import prune_event
+from synapse.http.servlet import assert_params_in_request
 from synapse.util import unwrapFirstError, logcontext
 from twisted.internet import defer
 
@@ -181,7 +182,13 @@ def event_from_pdu_json(pdu_json, outlier=False):
 
     Returns:
         FrozenEvent
+
+    Raises:
+        SynapseError: if the pdu is missing required fields
     """
+    # we could probably enforce a bunch of other fields here (room_id, sender,
+    # origin, etc etc)
+    assert_params_in_request(pdu_json, ('event_id', 'type'))
     event = FrozenEvent(
         pdu_json
     )
-- 
GitLab