The MS should sign the serialized directory page cursor in the ms_listing message, separate from the ms_reply structure (in fact, the serialized cursor should contain both the cursor and signature). This is to prevent the UG from generating a malicious cursor that messes up the MS's directory page cache.
There are stubs for this already, but they need to be filled in.
The MS should sign the serialized directory page cursor in the ms_listing message, separate from the ms_reply structure (in fact, the serialized cursor should contain both the cursor and signature). This is to prevent the UG from generating a malicious cursor that messes up the MS's directory page cache.
There are stubs for this already, but they need to be filled in.