File: crates/messaging/src/lib.rs:104-114
Severity: security
Obvious? yes
Content::File { hash, filename, mime_type, size_bytes: u64 } carries a self-declared 64-bit size. The hash is content-addressed, but size_bytes is consumed by UI callers for display and (potentially) preallocation. filename and mime_type are also unbounded Strings. Since Content::File rides inside an event/wire message capped at 256 KB, the strings can each be up to ~256 KB.
Fix: bound filename (e.g. 255 bytes — POSIX limit) and mime_type (e.g. 255 bytes — RFC 6838); treat size_bytes as advisory only, never as a preallocation source.
Filed by /general-audit @ 6404719 (2026-05-03). master: #567.
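One way to apply the fix above, as an added example that is not code from the crate: check_file_meta, prealloc_hint, read_body, MetaError and the 64 KiB preallocation cap are hypothetical names and values chosen for illustration.

```rust
use std::io::{self, Read};

// Hypothetical limits and names for illustration; the byte limits follow the fix above.
pub const MAX_FILENAME_BYTES: usize = 255;
pub const MAX_MIME_TYPE_BYTES: usize = 255;
pub const MAX_PREALLOC_BYTES: usize = 64 * 1024; // assumed cap, not from the crate

#[derive(Debug, PartialEq)]
pub enum MetaError {
    FilenameTooLong(usize),
    MimeTypeTooLong(usize),
}

/// Reject oversized self-declared strings at decode time.
pub fn check_file_meta(filename: &str, mime_type: &str) -> Result<(), MetaError> {
    // str::len() is a byte count, which is what the limits are expressed in.
    if filename.len() > MAX_FILENAME_BYTES {
        return Err(MetaError::FilenameTooLong(filename.len()));
    }
    if mime_type.len() > MAX_MIME_TYPE_BYTES {
        return Err(MetaError::MimeTypeTooLong(mime_type.len()));
    }
    Ok(())
}

/// The declared size only hints at initial capacity and is clamped to a fixed cap.
pub fn prealloc_hint(declared_size_bytes: u64) -> usize {
    declared_size_bytes.min(MAX_PREALLOC_BYTES as u64) as usize
}

/// Read a body: the buffer grows with bytes actually received, up to hard_limit.
pub fn read_body<R: Read>(src: R, declared_size_bytes: u64, hard_limit: u64) -> io::Result<Vec<u8>> {
    let mut buf = Vec::with_capacity(prealloc_hint(declared_size_bytes));
    // Take one byte past the limit so an oversized body is an error, not a silent truncation.
    src.take(hard_limit.saturating_add(1)).read_to_end(&mut buf)?;
    if buf.len() as u64 > hard_limit {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "body exceeds hard limit"));
    }
    Ok(buf)
}

fn main() {
    // Constructed sample: a peer declares u64::MAX bytes but sends five.
    let body = read_body(&b"hello"[..], u64::MAX, 1024).expect("within limit");
    println!("declared={} received={} hint={}", u64::MAX, body.len(), prealloc_hint(u64::MAX));
    println!("{:?}", check_file_meta(&"a".repeat(256), "text/plain"));
}
```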