State-reset and security mitigations.

Upgrade Ruma to present. The following are intentionally benign for activation in a later commit: - Hydra backports not default. - Room version 12 not default. - Room version 12 not listed as stable. Do not enable them manually or you can brick your database. Signed-off-by: Jason Volk <jason@zemos.net>
2025-06-29 03:33:29 +00:00
parent 2c6dd78502
commit 628597c318
134 changed files with 14961 additions and 4935 deletions
--- a/src/api/client/sync/v3.rs
+++ b/src/api/client/sync/v3.rs
@@ -14,11 +14,11 @@ use ruma::{
 	api::client::{
 		filter::FilterDefinition,
 		sync::sync_events::{
-			self, DeviceLists, UnreadNotificationsCount,
+			self, DeviceLists, StrippedState, UnreadNotificationsCount,
 			v3::{
 				Ephemeral, Filter, GlobalAccountData, InviteState, InvitedRoom, JoinedRoom,
 				KnockState, KnockedRoom, LeftRoom, Presence, RoomAccountData, RoomSummary, Rooms,
-				State as RoomState, Timeline, ToDevice,
+				State as RoomState, StateEvents, Timeline, ToDevice,
 			},
 		},
 		uiaa::UiaaResponse,
@@ -295,7 +295,12 @@ async fn build_sync_events(
 			}

 			let invited_room = InvitedRoom {
-				invite_state: InviteState { events: invite_state },
+				invite_state: InviteState {
+					events: invite_state
+						.into_iter()
+						.map(Raw::cast::<StrippedState>)
+						.collect(),
+				},
 			};

 			invited_rooms.insert(room_id, invited_room);
@@ -320,7 +325,12 @@ async fn build_sync_events(
 			}

 			let knocked_room = KnockedRoom {
-				knock_state: KnockState { events: knock_state },
+				knock_state: KnockState {
+					events: knock_state
+						.into_iter()
+						.map(Raw::cast::<StrippedState>)
+						.collect(),
+				},
 			};

 			knocked_rooms.insert(room_id, knocked_room);
@@ -540,7 +550,7 @@ async fn handle_left_room(
 				prev_batch: Some(next_batch.to_string()),
 				events: Vec::new(),
 			},
-			state: RoomState { events: vec![event.into_format()] },
+			state: RoomState::Before(StateEvents { events: vec![event.into_format()] }),
 		}));
 	}

@@ -635,7 +645,7 @@ async fn handle_left_room(
 			prev_batch: Some(next_batch.to_string()),
 			events: Vec::new(), // and so we dont need to set this to empty vec
 		},
-		state: RoomState { events: left_state_events },
+		state: RoomState::Before(StateEvents { events: left_state_events }),
 	}))
 }

@@ -1042,7 +1052,7 @@ async fn load_joined_room(
 	let joined_room = JoinedRoom {
 		account_data: RoomAccountData { events: account_data_events },
 		ephemeral: Ephemeral { events: edus },
-		state: RoomState { events: state_events },
+		state: RoomState::Before(StateEvents { events: state_events }),
 		summary: RoomSummary {
 			joined_member_count: joined_member_count.map(ruma_from_u64),
 			invited_member_count: invited_member_count.map(ruma_from_u64),
--- a/src/api/client/sync/v5.rs
+++ b/src/api/client/sync/v5.rs
@@ -13,7 +13,10 @@ use futures::{
 };
 use ruma::{
 	DeviceId, OwnedEventId, OwnedRoomId, RoomId, UInt, UserId,
-	api::client::sync::sync_events::{self, DeviceLists, UnreadNotificationsCount},
+	api::client::sync::sync_events::{
+		self, DeviceLists, StrippedState, UnreadNotificationsCount,
+		v5::request::ExtensionRoomConfig,
+	},
 	directory::RoomTypeFilter,
 	events::{
 		AnyRawAccountDataEvent, AnySyncEphemeralRoomEvent, StateEventType, TimelineEventType,
@@ -647,7 +650,11 @@ where
 			name: room_name.or(hero_name),
 			initial: Some(roomsince == &0),
 			is_dm: None,
-			invite_state,
+			invite_state: invite_state.map(|s| {
+				s.into_iter()
+					.map(Raw::cast::<StrippedState>)
+					.collect()
+			}),
 			unread_notifications: UnreadNotificationsCount {
 				highlight_count: Some(
 					services
@@ -727,7 +734,10 @@ async fn collect_account_data(
 		.await;

 	if let Some(rooms) = &body.extensions.account_data.rooms {
-		for room in rooms {
+		for room in rooms
+			.iter()
+			.filter_map(|erc| extract_variant!(erc, ExtensionRoomConfig::Room))
+		{
 			account_data.rooms.insert(
 				room.clone(),
 				services