File: crates/messaging/src/lib.rs:228
Severity: robustness (availability/DoS)
Obvious? yes
Content::validate only checks Content::File.filename/mime_type. The doc comment explicitly states "other variants always validate successfully." Content::Text { body }, Content::Reply { body }, Content::Edit { new_body }, Content::System { description }, Content::Reaction { emoji } are all unbounded. A peer can broadcast a single message with a multi-GB body and every receiver will allocate it on decode + retain it in their message store. PR #583 added the file caps but stopped short of body caps.
Fix: add MAX_TEXT_BODY_BYTES (e.g. 64 KiB) and validate it for Text/Reply/Edit/System/Reaction in the same validate() method.
Filed by /general-audit @ 88498a5 (2026-05-04). master: #600.
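A sketch of the proposed cap, added here as an example; it is not code from the project. The enum is a hypothetical mirror that uses only the field names quoted above. The error type, the `cap` helper and the two file cap values are assumptions, and real variants may carry more fields.

```rust
// Hypothetical mirror of the Content enum named in the issue (not project code).
pub const MAX_TEXT_BODY_BYTES: usize = 64 * 1024; // 64 KiB, the value the issue suggests
pub const MAX_FILENAME_BYTES: usize = 255; // assumed; the real cap from PR #583 is not shown
pub const MAX_MIME_TYPE_BYTES: usize = 127; // assumed

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    TooLong { field: &'static str, len: usize, max: usize },
}

pub enum Content {
    Text { body: String },
    Reply { body: String },
    Edit { new_body: String },
    System { description: String },
    Reaction { emoji: String },
    File { filename: String, mime_type: String },
}

// str::len() is the UTF-8 byte length, which is what bounds memory use.
fn cap(field: &'static str, value: &str, max: usize) -> Result<(), ValidationError> {
    if value.len() > max {
        return Err(ValidationError::TooLong { field, len: value.len(), max });
    }
    Ok(())
}

impl Content {
    /// Exhaustive match, no wildcard arm: a new variant fails to compile until it gets a bound.
    pub fn validate(&self) -> Result<(), ValidationError> {
        match self {
            Content::Text { body } | Content::Reply { body } => cap("body", body, MAX_TEXT_BODY_BYTES),
            Content::Edit { new_body } => cap("new_body", new_body, MAX_TEXT_BODY_BYTES),
            Content::System { description } => cap("description", description, MAX_TEXT_BODY_BYTES),
            Content::Reaction { emoji } => cap("emoji", emoji, MAX_TEXT_BODY_BYTES),
            Content::File { filename, mime_type } => {
                cap("filename", filename, MAX_FILENAME_BYTES)?;
                cap("mime_type", mime_type, MAX_MIME_TYPE_BYTES)
            }
        }
    }
}

fn main() {
    // Constructed inputs: one body exactly at the cap, one a single byte over.
    let ok = Content::Text { body: "a".repeat(MAX_TEXT_BODY_BYTES) };
    let big = Content::Reply { body: "a".repeat(MAX_TEXT_BODY_BYTES + 1) };
    println!("{:?} {:?}", ok.validate(), big.validate());
}
```

A check like this runs on an already-decoded value, so on its own it bounds what is retained in the message store; bounding the allocation made during decode would additionally need a size limit applied before deserialization, which is not shown because the wire format is not on this page.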