From aad9223d7a7eaec39f9a6d8666d17d57ba11b078 Mon Sep 17 00:00:00 2001
From: zealsham
Date: Sat, 21 Mar 2026 00:51:40 +0100
Subject: [PATCH] Set v1 buffer size to 7168

This PR sets and rename v1_max_buffer_size. The buffer size for v1 payload is set to 7168 which is same for v2. The variable name is updated to better reflect what it is. The rationale behind the change is that it prevents v2 client fetching v1 request from leaking information about the nature of the request
---
 payjoin-mailroom/src/directory.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/payjoin-mailroom/src/directory.rs b/payjoin-mailroom/src/directory.rs
index d39111642..f04482ffe 100644
--- a/payjoin-mailroom/src/directory.rs
+++ b/payjoin-mailroom/src/directory.rs
@@ -18,7 +18,7 @@ const CHACHA20_POLY1305_NONCE_LEN: usize = 32; // chacha20poly1305 n_k
 const POLY1305_TAG_SIZE: usize = 16;
 pub const BHTTP_REQ_BYTES: usize =
 ENCAPSULATED_MESSAGE_BYTES - (CHACHA20_POLY1305_NONCE_LEN + POLY1305_TAG_SIZE);
-const V1_MAX_BUFFER_SIZE: usize = 65536;
+pub(crate) const MAX_PAYLOAD_SIZE: usize = 7168;
 
 const V1_REJECT_RES_JSON: &str =
 r#"{{"errorCode": "original-psbt-rejected ", "message": "Body is not a string"}}"#;
@@ -276,7 +276,7 @@ impl Service {
 .await
 .map_err(|e| HandlerError::InternalServerError(e.into()))?
 .to_bytes();
- if req.len() > V1_MAX_BUFFER_SIZE {
+ if req.len() > MAX_PAYLOAD_SIZE {
 return Err(HandlerError::PayloadTooLarge);
 }
 match self.db.post_v2_payload(&id, req.into()).await {
@@ -322,7 +322,7 @@ impl Service {
 .await
 .map_err(|e| HandlerError::InternalServerError(e.into()))?
 .to_bytes();
- if req.len() > V1_MAX_BUFFER_SIZE {
+ if req.len() > MAX_PAYLOAD_SIZE {
 return Err(HandlerError::PayloadTooLarge);
 }
 
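Review bot: The new `MAX_PAYLOAD_SIZE` constant in the first hunk has no doc comment, and the property the commit message relies on — that the v1 limit now equals the v2 payload size — is expressed as a second bare literal `7168` rather than tied to the size constants a few lines above (`ENCAPSULATED_MESSAGE_BYTES`, `BHTTP_REQ_BYTES`). If the two values are meant to stay equal, deriving one from the other or adding `const _: () = assert!(MAX_PAYLOAD_SIZE == ENCAPSULATED_MESSAGE_BYTES);` (with whichever constant is the intended reference) keeps a later edit from silently reintroducing a size difference between the v1 and v2 paths. A one-line doc comment such as `/// Largest request body accepted by the v1 and v2 handlers; kept identical so that body size alone does not reveal which protocol a stored request belongs to.` would record the rationale at the definition. The limit also drops from 65536 to 7168, so any v1 request body above roughly 7 KiB that was accepted before is now rejected; that behaviour change is worth a sentence in the commit message if it is intended.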
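Review bot: The size check on the `+` line of the hunk at line 276 runs only after the whole body has already been collected into memory by the `.await ... .to_bytes()` chain directly above it, so `MAX_PAYLOAD_SIZE` bounds what the handler keeps but not how much a single request can make the server buffer; the hunks at lines 322 and 356 have the same ordering. Unless the body is already wrapped in a length-limited reader further up (the start of these handlers is outside the hunks, so I cannot tell), a limit applied before collection — rejecting on the declared length or wrapping the body with a bounded reader — would refuse oversized requests before the allocation happens. Either way a comment on the check, e.g. `// Post-collection limit; the read itself is bounded upstream — TODO confirm`, would document which guarantee this line actually provides.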
@@ -356,6 +356,9 @@ impl Service {
 Ok(bytes) => bytes.to_bytes(),
 Err(_) => return Ok(bad_request_body_res),
 };
+ if body_bytes.len() > MAX_PAYLOAD_SIZE {
+ return Err(HandlerError::PayloadTooLarge);
+ }
 let body_str = match String::from_utf8(body_bytes.to_vec()) {
 Ok(body_str) => body_str,
 Err(_) => return Ok(bad_request_body_res),
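Review bot: In this v1 handler the neighbouring decode failures answer with `Ok(bad_request_body_res)` (the JSON error body defined by `V1_REJECT_RES_JSON` in the first hunk), while the added check returns `Err(HandlerError::PayloadTooLarge)`, so an oversized v1 sender receives a different response shape than every other malformed body on this path. That matches the v2 handlers in the earlier hunks, but since the stated goal is to keep v1 and v2 indistinguishable, a short comment on the new `if` stating that the departure from the v1 JSON error format is deliberate (or switching to the JSON response if v1 senders are expected to parse it) would stop this reading as an oversight. The enclosing function starts and ends outside the hunk.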