fix: Don't attempt to serialize custom join rules

This is not supported by Ruma. The join_rule field, despite being
defined as a pure string, can have associated data to it based on the
join rule variant.

This means that custom and unknown enum variants might lose data when
reserializing.

Let's just skip the serialization of custom join rules in the RoomInfo,
the concrete value is still available in the state store, it's just not
kept at hand in the RoomInfo.

Author: poljar

crates/matrix-sdk-base/CHANGELOG.md

@@ -19,6 +19,12 @@ All notable changes to this project will be documented in this file.
 
 ## [0.15.0] - 2025-11-27
 
+### Security Fixes
+
+- Skip the serialization of custom join rules in the `RoomInfo` which prevented
+  the processing of sync responses containing events with custom join rules.
+  ([#5924](https://github.com/matrix-org/matrix-rust-sdk/pull/5924))
+
 ### Refactor
 
 - [**breaking**] Upgrade Ruma to version 0.14.0.

crates/matrix-sdk-base/src/room/room_info.rs

@@ -217,9 +217,15 @@ impl BaseRoomInfo {
             AnySyncStateEvent::RoomGuestAccess(g) => {
                 self.guest_access = Some(g.into());
             }
-            AnySyncStateEvent::RoomJoinRules(c) => {
-                self.join_rules = Some(c.into());
-            }
+            AnySyncStateEvent::RoomJoinRules(c) => match c.join_rule() {
+                JoinRule::Invite
+                | JoinRule::Knock
+                | JoinRule::Private
+                | JoinRule::Restricted(_)
+                | JoinRule::KnockRestricted(_)
+                | JoinRule::Public => self.join_rules = Some(c.into()),
+                r => warn!("Encountered a custom joine rule {}, skipping", r.as_str()),
+            },
             AnySyncStateEvent::RoomCanonicalAlias(a) => {
                 self.canonical_alias = Some(a.into());
             }
@@ -294,9 +300,15 @@ impl BaseRoomInfo {
             AnyStrippedStateEvent::RoomGuestAccess(g) => {
                 self.guest_access = Some(g.into());
             }
-            AnyStrippedStateEvent::RoomJoinRules(c) => {
-                self.join_rules = Some(c.into());
-            }
+            AnyStrippedStateEvent::RoomJoinRules(c) => match &c.content.join_rule {
+                JoinRule::Invite
+                | JoinRule::Knock
+                | JoinRule::Private
+                | JoinRule::Restricted(_)
+                | JoinRule::KnockRestricted(_)
+                | JoinRule::Public => self.join_rules = Some(c.into()),
+                r => warn!("Encountered a custom joine rule {}, skipping", r.as_str()),
+            },
             AnyStrippedStateEvent::RoomCanonicalAlias(a) => {
                 self.canonical_alias = Some(a.into());
             }

crates/matrix-sdk/tests/integration/client.rs

@@ -17,7 +17,8 @@ use matrix_sdk::{
 use matrix_sdk_base::{RoomState, sync::RoomUpdates};
 use matrix_sdk_common::executor::spawn;
 use matrix_sdk_test::{
-    DEFAULT_TEST_ROOM_ID, JoinedRoomBuilder, SyncResponseBuilder, async_test,
+    DEFAULT_TEST_ROOM_ID, InvitedRoomBuilder, JoinedRoomBuilder, StateTestEvent,
+    StrippedStateTestEvent, SyncResponseBuilder, async_test,
     event_factory::EventFactory,
     sync_state_event,
     test_json::{
@@ -61,6 +62,7 @@ use ruma::{
 };
 use serde_json::{Value as JsonValue, json};
 use stream_assert::{assert_next_matches, assert_pending};
+use tempfile::tempdir;
 use tokio_stream::wrappers::BroadcastStream;
 use wiremock::{
     Mock, Request, ResponseTemplate,
@@ -1824,3 +1826,83 @@ async fn test_sync_thread_subscriptions_with_catchup() {
     let sub3 = room1.load_or_fetch_thread_subscription(&thread3).await.unwrap();
     assert_eq!(sub3, Some(matrix_sdk::room::ThreadSubscription { automatic: false }));
 }
+
+#[async_test]
+#[cfg(feature = "sqlite")]
+async fn test_sync_processing_of_custom_join_rule() {
+    let tempdir = tempdir().unwrap();
+
+    let room_id = room_id!("!room0:matrix.org");
+
+    let server = MatrixMockServer::new().await;
+    let client = server
+        .client_builder()
+        .on_builder(|builder| builder.sqlite_store(tempdir.path(), None))
+        .build()
+        .await;
+
+    server
+        .mock_sync()
+        .ok(|builder| {
+            builder.add_joined_room(JoinedRoomBuilder::new(room_id).add_state_event(
+                StateTestEvent::Custom(json!({
+                        "content": {
+                            "join_rule": "my_custom_rule"
+                        },
+                        "event_id": "$15139375513VdeRF:localhost",
+                        "origin_server_ts": 151393755,
+                        "sender": "@example:localhost",
+                        "state_key": "",
+                        "type": "m.room.join_rules",
+                })),
+            ));
+        })
+        .mock_once()
+        .mount()
+        .await;
+
+    client
+        .sync_once(Default::default())
+        .await
+        .expect("We should be able to process the sync despite there being a custom join rule");
+}
+
+#[async_test]
+#[cfg(feature = "sqlite")]
+async fn test_sync_processing_of_custom_stripped_join_rule() {
+    let tempdir = tempdir().unwrap();
+
+    let room_id = room_id!("!room0:matrix.org");
+
+    let server = MatrixMockServer::new().await;
+    let client = server
+        .client_builder()
+        .on_builder(|builder| builder.sqlite_store(tempdir.path(), None))
+        .build()
+        .await;
+
+    server
+        .mock_sync()
+        .ok(|builder| {
+            builder.add_invited_room(InvitedRoomBuilder::new(room_id).add_state_event(
+                StrippedStateTestEvent::Custom(json!({
+                        "content": {
+                            "join_rule": "my_custom_rule"
+                        },
+                        "event_id": "$15139375513VdeRF:localhost",
+                        "origin_server_ts": 151393755,
+                        "sender": "@example:localhost",
+                        "state_key": "",
+                        "type": "m.room.join_rules",
+                })),
+            ));
+        })
+        .mock_once()
+        .mount()
+        .await;
+
+    client
+        .sync_once(Default::default())
+        .await
+        .expect("We should be able to process the sync despite there being a custom join rule");
+}