Currently, a newly read line from the Calliope Mini is attached to the list lines (see here). Only after this, the list lines is checked against the threshold max-data-size. This allows, that the size can be slightly above the threshold (maximum: size of one line).
This makes this feature "weak" - an attacker could add arbitrary amount of data to the list by providing a very long last line. In addition, this behavior makes it hard to test this feature, because the actual size of the .data file can be any higher than the threshold.
It is better to allow inserting the current line to the list lines only in the case, that the resulting size meets the threshold.
rzbrk
commented
3 years ago
Currently, a newly read line from the Calliope Mini is attached to the list
lines(see here). Only after this, the listlinesis checked against the thresholdmax-data-size. This allows, that the size can be slightly above the threshold (maximum: size of one line).This makes this feature "weak" - an attacker could add arbitrary amount of data to the list by providing a very long last line. In addition, this behavior makes it hard to test this feature, because the actual size of the .data file can be any higher than the threshold.
It is better to allow inserting the current line to the list
linesonly in the case, that the resulting size meets the threshold.