Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capnpy.load(f, payload_type) message size #42

Open
Gw1p opened this issue Jul 16, 2019 · 1 comment
Open

capnpy.load(f, payload_type) message size #42

Gw1p opened this issue Jul 16, 2019 · 1 comment
Labels
enhancement help wanted

Comments

@Gw1p
Copy link

Gw1p commented Jul 16, 2019

capnpy.load(f, payload_type): load a message from a file-like object
Should have a maximum message size parameter or internal check to avoid hanging in case a response message is unreasonably large.
@antocuni
Copy link
Owner

yes, it might be a good idea. In general, there are many ways in which a malicious message could affect an implementation. Here are some examples, from the official capnproto docs:
https://capnproto.org/encoding.html#security-considerations

Admittedly, capnpy was not implemented with malicious messages in mind. I would not be opposed to add support for it, assuming it doesn't impact performance. It is unlikely I'll do it by myself though, so PR are welcome :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@antocuni @Gw1p