coinbase / kryptology

Apache License 2.0

ExpandMessageXMD mishandles very long DST values #23

Closed Yawning closed 2 years ago

Yawning commented 2 years ago

The current code assumes that DST is <= 255 bytes long, which in and of itself is fine, as the base definition in the RFC and the fact that the extra handling is in a separate section (5.4.3). While this does fall under "Don't do that then", as it is a public API, the correct thing to do would be to either return an error if the DST is oversized, or to implement the (trivial) handling for it as per the draft.
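
The oversize-DST handling the issue refers to, as an added example that is not kryptology's code and not part of the original comment: a DST longer than 255 bytes is first replaced by H("H2C-OVERSIZE-DST-" || DST), so its length always fits the single length byte appended to it. SHA-256 as the hash and the names `h256`, `reduceDST` and `expandMessageXMD` are assumptions made for this sketch.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// h256 returns SHA-256 over the concatenation of parts.
func h256(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// reduceDST: a DST longer than 255 bytes becomes H("H2C-OVERSIZE-DST-" || DST).
func reduceDST(dst []byte) []byte {
	if len(dst) > 255 {
		return h256([]byte("H2C-OVERSIZE-DST-"), dst)
	}
	return dst
}

// expandMessageXMD is expand_message_xmd with SHA-256 (32-byte output, 64-byte block).
func expandMessageXMD(msg, dst []byte, lenInBytes int) ([]byte, error) {
	ell := (lenInBytes + sha256.Size - 1) / sha256.Size
	if lenInBytes < 0 || lenInBytes > 65535 || ell > 255 {
		return nil, errors.New("expand_message_xmd: requested length out of range")
	}
	dst = reduceDST(dst) // after this, len(dst) always fits in one byte
	dstPrime := append(append([]byte{}, dst...), byte(len(dst)))
	lib := []byte{byte(lenInBytes >> 8), byte(lenInBytes), 0} // I2OSP(len, 2) || I2OSP(0, 1)
	b0 := h256(make([]byte, sha256.BlockSize), msg, lib, dstPrime)
	out, bi := []byte{}, make([]byte, sha256.Size) // zero bi makes the first XOR yield b_0
	for i := 1; i <= ell; i++ {
		for j := range bi {
			bi[j] ^= b0[j]
		}
		bi = h256(bi, []byte{byte(i)}, dstPrime)
		out = append(out, bi...)
	}
	return out[:lenInBytes], nil
}

func main() {
	out, err := expandMessageXMD([]byte("abc"), make([]byte, 300), 48) // constructed 300-byte DST
	fmt.Printf("%x %v\n", out, err)
}
```

Without the reduction step, `byte(len(dst))` silently wraps for a 256-byte DST, which is why the alternative to implementing it is returning an error.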

mikelodder7 commented 2 years ago

See #45