FEDERATION: Problem with synchronisation between homeservers #16379
Description
Description
SCENARIO:
I have three homeservers, we will call them A, B and C. The three of them federate as such:
- A federates with B
- C federates with B
- A and C do NOT federate (A has a whitelist blocking C)
C is the matrix.org homeserver. B and C are the personal homeservers. Homeserver B user creates a private encrypted room and invites users from homeservers A and C. Due to the whitelist, homeserver A user cannot read the messages from homeserver C user and vice-versa but homeserver B user can read the messages from both.
EXPLOIT:
Homeserver C user quits the room and gets re-invited into the room.
RESULT:
Homeserver C user can now see all the messages from homeserver user A but not the other way around. This shouldn't happen due to the whitelist and the expected behaviour would be the same as before the homeserver A user quit the room.
CAUSE:
I believe this happens when homeserver user C rejoins the room, the server asks homeserver B to get everything he needs and homeserver B (which can federate with both homeservers) gives him all the encryption keys, even the ones from homeserver A as he doesn't know about the whitelist.
Is this behaviour normal or is this a bug? Thanks in advance.
Steps to reproduce
- read description
Homeserver
Matrix.org and 2 personal homeservers
Synapse Version
1.85.2
Installation Method
Docker (matrixdotorg/synapse)
Database
PostgreSQL
Workers
Single process
Platform
Container
Configuration
No response
Relevant log output
.Anything else that would be useful to know?
No response