Synapse allows setting unreasonable power_levels when creating a v1-5 room

Description

You can create a room with a power level that is viewed as "Infinity"

Steps to reproduce

1. Create a room with

"power_level_content_override": {
		"users": {
			"@youruser:yourhomeserver": 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
		}
	}

2. Notice various levels of breakage in many clients (FluffyChat, Element), and a power level displayed as Infinity

Instead, creating the room should fail.

Version information

• Homeserver: blob.cat

• Version: 1.11.0-1

• Install method: Ubuntu package (with apt)

• Platform: Ubuntu (on a VM)

[clokep]

I believe that newer versions of Synapse enforce this correctly. (You might also need to ensure you're using a new-ish room version.)

Updated to the latest version and it still works. Room version is default (5).

[richvdh]

@clokep sadly I don't think even recent versions of canonicaljson correctly enforce the int bounds.

[clokep]

@clokep sadly I don't think even recent versions of canonicaljson correctly enforce the int bounds.

I believe that room version 6 enforces this, see:

synapse/synapse/events/utils.py

Lines 463 to 465 in c619253

	if isinstance(value, int):
	if value <= -(2 ** 53) or 2 ** 53 <= value:
	raise SynapseError(400, "JSON integer out of range", Codes.BAD_JSON)

[kate-shine]

Room v5 is still a recommended default tho, so this doesn't really help the issue.

[richvdh]

ah my bad, sorry.

We could enforce this in the C-S API, I guess, though it's hardly the biggest problem.

[ptman]

matrix-org/matrix-spec-proposals#2788