
user with extremely long MXID causes mjolnir to fail to ban

Open ninchuka opened this issue 2 years ago • 6 comments

Describe the bug: mjolnir fails to ban a user with an extremely long MXID

To Reproduce Steps to reproduce the behavior:

  1. attempt to ban @aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:example.com

Expected behavior for the user to be banned: There was an error processing your command - see console/log for details

(issue edited to remove offensive mxid)

ninchuka Jul 04 '22 21:07

I would recomend a edit to the Issue descript that replaces the offensive MXID with @111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111:arcticfoxes.net

This new MXID is also 255 characters long but it is also complete junk data instead of an offensive MXID and it will trigger the exact same bug.

Like from my perspective I don't really see a reason why we need to have this MXID in the issue. The account was deactivated by the HS admin and well the issue isn't unique to this MXID, it's actually just Mjolnir today fails to handle 255 char MXIDs due to a state key size limit and the way the state key is constructed for policy.

Below are some sanitised logs of this exact bug being triggered using the MXID from the report btw. Sanitised as in I will replace the MXID with my pure ones version and I am changing the room ID.

Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [INFO] [Mjolnir] Command being run by @cat:feline.support: !mjolnir ban FSG-COC @111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111:arcticfoxes.net
Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [ERROR] [MatrixHttpClient (REQ-64982)] [Error: Error during MatrixClient request GET /_matrix/client/r0/user/%40bot.mjolnir%3Afeline.support/account_data/org.matrix.mjolnir.default_list: 404 Not Found -- {"errcode":"M_NOT_FOUND","error":"Account data not found"}]
Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [WARN] [UnbanBanCommand] Non-fatal error getting default ban list
Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [WARN] [UnbanBanCommand] { errcode: 'M_NOT_FOUND', error: 'Account data not found' }
Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [ERROR] [MatrixHttpClient (REQ-64983)] [Error: Error during MatrixClient request PUT /_matrix/client/r0/rooms/!Meow%3Afeline.support/state/m.policy.rule.user/rule%3A%40111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111%3Aarcticfoxes.net: 413 Request Entity Too Large -- {"errcode":"M_TOO_LARGE","error":"'state_key' too large"}]
Jul 04 23:55:59 matrix matrix-bot-mjolnir[3139190]: Mon, 04 Jul 2022 21:55:59 GMT [ERROR] [CommandHandler] { errcode: 'M_TOO_LARGE', error: "'state_key' too large" }

FSG-Cat Jul 05 '22 15:07

The proper remedy is a spec change allowing long state keys and/or jumbo events.

erkinalp Jul 07 '22 06:07

> The proper remedy is a spec change allowing long state keys and/or jumbo events.

No. Nico (can't remember his GitHub name) already discovered that this is likely a Synapse mess-up on the size check. That user probably shouldn't even exist.

IIRC the state_key size limit is 255 bytes. So a logical step would be a) to check if the mxid length aligns with this and b) check how in the world that user even was able to join considering that a join would need a join event meaning that somehow that state_key length limit was evaded in the first place 🤔

MTRNord Jul 07 '22 08:07

Yes, state_key size limit is 255 bytes.

Gnuxie Jul 07 '22 08:07

No, the user is fine. The problem is that mjolnir doesn't account for the rule: prefix when generating the state key. You can manually create the ban event in the banlist room with a shorter state key. See https://matrix.to/#/%23community-moderation-effort-bl%3Aneko.dev?via=neko.dev&via=jae.fi&via=grapheneos.org&via=matrix.org for example which bans that user too.

nico-famedly Jul 07 '22 10:07

(I would suggest mjolnir generates a random string for the last 127 chars of an mxid to avoid clashes when generating rules if the userid is too long)

nico-famedly Jul 07 '22 10:07
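
The length problem and the shorter-state-key workaround discussed in this thread, as an added example (not Mjolnir's code and not posted by any commenter). `policyRuleStateKey` is a hypothetical helper; it swaps the random suffix suggested above for a SHA-256 digest of the MXID so the same user always maps to the same key, and the sample MXIDs are constructed.

```typescript
import { createHash } from "crypto";

// Limit quoted in the thread: a state_key may be at most 255 bytes.
const MAX_STATE_KEY_BYTES = 255;
// Prefix visible in the failing PUT request in the logs above.
const RULE_PREFIX = "rule:";

const utf8Length = (s: string): number => Buffer.byteLength(s, "utf8");

// Hypothetical helper (assumption, not Mjolnir's API): build the state key
// for a policy rule targeting `entity`, never exceeding the byte limit.
function policyRuleStateKey(entity: string): string {
  const naive = RULE_PREFIX + entity;
  if (utf8Length(naive) <= MAX_STATE_KEY_BYTES) {
    return naive; // common case: key is unchanged
  }
  // Too long: keep a readable head of the MXID and replace the tail with a
  // digest of the whole entity, so two long MXIDs that share a head do not
  // clash. The full MXID still has to go in the rule's content.
  const digest = createHash("sha256").update(entity, "utf8").digest("hex");
  const budget =
    MAX_STATE_KEY_BYTES - utf8Length(RULE_PREFIX) - digest.length - 1; // 1 for "~"
  let head = "";
  for (const ch of entity) {
    // Iterate by code point so a multi-byte character is never split.
    if (utf8Length(head + ch) > budget) break;
    head += ch;
  }
  return `${RULE_PREFIX}${head}~${digest}`;
}

// Constructed sample input: two 255-character MXIDs of the same shape as the
// one in the report, differing only in the last character of the localpart.
const sampleDomain = ":example.com";
const longMxid = "@" + "1".repeat(255 - 1 - sampleDomain.length) + sampleDomain;
const otherLongMxid =
  "@" + "1".repeat(255 - 2 - sampleDomain.length) + "2" + sampleDomain;

// Byte sizes of the naive key (what the homeserver rejected) and the bounded key.
function compareKeySizes(mxid: string): { naive: number; bounded: number } {
  return {
    naive: utf8Length(RULE_PREFIX + mxid),
    bounded: utf8Length(policyRuleStateKey(mxid)),
  };
}

console.log(compareKeySizes(longMxid));
```
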