Ignore state events with invalid signatures when joining rooms (#1407)

* Use state from RespSendJoin post-check

* Don't create input events for invalid events

* Let's try this again

* Update gomatrixserverlib

* Update gomatrixserverlib to matrix-org/gomatrixserverlib@38f437f

federationsender/internal/perform.go

@@ -185,20 +185,21 @@ func (r *FederationSenderInternalAPI) performJoinUsingServer(
 
 	// Check that the send_join response was valid.
 	joinCtx := perform.JoinContext(r.federation, r.keyRing)
-	if err = joinCtx.CheckSendJoinResponse(
+	respState, err := joinCtx.CheckSendJoinResponse(
 		ctx, event, serverName, respMakeJoin, respSendJoin,
-	); err != nil {
+	)
+	if err != nil {
 		return fmt.Errorf("joinCtx.CheckSendJoinResponse: %w", err)
 	}
 
 	// If we successfully performed a send_join above then the other
 	// server now thinks we're a part of the room. Send the newly
 	// returned state to the roomserver to update our local view.
-	respState := respSendJoin.ToRespState()
 	if err = roomserverAPI.SendEventWithState(
 		ctx, r.rsAPI,
-		&respState,
-		event.Headered(respMakeJoin.RoomVersion), nil,
+		respState,
+		event.Headered(respMakeJoin.RoomVersion),
+		nil,
 	); err != nil {
 		return fmt.Errorf("r.producer.SendEventWithState: %w", err)
 	}

federationsender/internal/perform/join.go

@@ -30,7 +30,7 @@ func (r joinContext) CheckSendJoinResponse(
 	server gomatrixserverlib.ServerName,
 	respMakeJoin gomatrixserverlib.RespMakeJoin,
 	respSendJoin gomatrixserverlib.RespSendJoin,
-) error {
+) (*gomatrixserverlib.RespState, error) {
 	// A list of events that we have retried, if they were not included in
 	// the auth events supplied in the send_join.
 	retries := map[string][]gomatrixserverlib.Event{}
@@ -97,8 +97,9 @@ func (r joinContext) CheckSendJoinResponse(
 
 	// TODO: Can we expand Check here to return a list of missing auth
 	// events rather than failing one at a time?
-	if err := respSendJoin.Check(ctx, r.keyRing, event, missingAuth); err != nil {
-		return fmt.Errorf("respSendJoin: %w", err)
+	rs, err := respSendJoin.Check(ctx, r.keyRing, event, missingAuth)
+	if err != nil {
+		return nil, fmt.Errorf("respSendJoin: %w", err)
 	}
-	return nil
+	return rs, nil
 }

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/matrix-org/go-http-js-libp2p v0.0.0-20200518170932-783164aeeda4
 	github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3
 	github.com/matrix-org/gomatrix v0.0.0-20200827122206-7dd5e2a05bcd
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20200907133812-66753e24bdff
+	github.com/matrix-org/gomatrixserverlib v0.0.0-20200907151926-38f437f2b2a6
 	github.com/matrix-org/naffka v0.0.0-20200901083833-bcdd62999a91
 	github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4
 	github.com/mattn/go-sqlite3 v1.14.2

go.sum

@@ -567,8 +567,8 @@ github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26 h1:Hr3zjRsq2bh
 github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26/go.mod h1:3fxX6gUjWyI/2Bt7J1OLhpCzOfO/bB3AiX0cJtEKud0=
 github.com/matrix-org/gomatrix v0.0.0-20200827122206-7dd5e2a05bcd h1:xVrqJK3xHREMNjwjljkAUaadalWc0rRbmVuQatzmgwg=
 github.com/matrix-org/gomatrix v0.0.0-20200827122206-7dd5e2a05bcd/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20200907133812-66753e24bdff h1:XSQSvCTLnohO5q4g11ezrUwd4sxPbcs27SqWKg/UhA0=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20200907133812-66753e24bdff/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20200907151926-38f437f2b2a6 h1:43gla6bLt4opWY1mQkAasF/LUCipZl7x2d44TY0wf40=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20200907151926-38f437f2b2a6/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU=
 github.com/matrix-org/naffka v0.0.0-20200901083833-bcdd62999a91 h1:HJ6U3S3ljJqNffYMcIeAncp5qT/i+ZMiJ2JC2F0aXP4=
 github.com/matrix-org/naffka v0.0.0-20200901083833-bcdd62999a91/go.mod h1:sjyPyRxKM5uw1nD2cJ6O2OxI6GOqyVBfNXqKjBZTBZE=
 github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7 h1:ntrLa/8xVzeSs8vHFHK25k0C+NV74sYMJnNSg5NoSRo=