cmaves
commented
3 years ago The signatures overall length is already checked when marshalling. However commit 56d1d0b causes it to be checked when pushing each parameter.
Open cmaves opened 3 years ago
cmaves
commented
3 years ago The signatures overall length is already checked when marshalling. However commit 56d1d0b causes it to be checked when pushing each parameter.
KillingSpark
commented
3 years ago I just released rustbus 0.17.0 with some performance improvements around the whole issue of signature checking.
That includes a pretty fast way to check a signature for validity. With these improvements there is no real difference between rustbus and rustbus-async in the comparison, so you might want to just use validate_signature again :)
Currently no signature validation is done. Two things (at a minimum) should be checked: 1) The signature overall length. 2) The nesting depth.
These checks would ideally be done when push parameters into a message.