⚠️ Potential issue | 🟠 Major
🧩 Analysis chain
🏁 Script executed:
# Find pinned bincode version(s)
fd -HI "^Cargo.toml$" | xargs -I{} rg -n '^\s*bincode\s*=' {}
# Find decode callsites and whether bounded config APIs are already used
rg -n 'bincode::deserialize|bincode::serde::decode_from_slice|with_limit|DefaultOptions|config::standard' crates
Repository: gnosisguild/enclave
Length of output: 4391
🏁 Script executed:
# Get the file context around the target lines
cat -n crates/net/src/net_sync_manager.rs | sed -n '40,55p'
# Check the full function and its surrounding context
cat -n crates/net/src/net_sync_manager.rs | sed -n '35,65p'
Repository: gnosisguild/enclave
Length of output: 1666
🌐 Web query:
bincode 1.3.3 bounded deserialization size limit configuration API
💡 Result:
In bincode 1.3.3, the bounded deserialization size limit is configured via the Options API:
use bincode::Options;
let opts = bincode::DefaultOptions::new().with_limit(1024); // bytes
let value: MyType = opts.deserialize(&bytes)?;
with_limit(limit: u64) switches the size limit from “unlimited” (default) to a bounded limit and will error if (de)serialization exceeds it. [1], [2]
For streaming reads:
use bincode::Options;
let opts = bincode::DefaultOptions::new().with_limit(1024 * 1024);
let value: MyType = opts.deserialize_from(reader)?;
Bincode’s docs explicitly call out enabling a maximum size (bounded) configuration for untrusted inputs. [3]
Legacy/deprecated API (still present in 1.3.3) is bincode::config::Config::limit(...), but it’s deprecated since 1.3.0 in favor of DefaultOptions/Options. [4]
Sources: [1] (docs.rs) [2] (mnemos.dev) [3] (docs.rs) [4] (doc.cuprate.org)
Apply bounded deserialization for untrusted peer sync payloads.
Line 46 deserializes untrusted network bytes without size limits, enabling memory-exhaustion attacks. Use bincode::DefaultOptions::new().with_limit(size).deserialize(&value) to enforce a maximum payload size for bincode 1.3.3.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@crates/net/src/net_sync_manager.rs` around lines 45 - 47, The try_from
implementation deserializes untrusted bytes without size limits; change it to
use bincode bounded deserialization by calling
bincode::DefaultOptions::new().with_limit(MAX_SYNC_PAYLOAD_SIZE).deserialize(&value)
instead of bincode::deserialize(&value), and keep the existing context("failed
to deserialize sync response") on the Result; add a clearly named constant
(e.g., MAX_SYNC_PAYLOAD_SIZE) for the maximum allowed bytes (choose an
appropriate u64) and reference that constant in the call so try_from enforces a
safe payload size for untrusted peer sync payloads.
Originally posted by @coderabbitai[bot] in #1358 (comment)
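An added example, not the enclave project's code, of the byte-budget discipline the comment asks for. The bincode crate is not compiled here, so `BoundedReader` models the accounting that `DefaultOptions::new().with_limit(n)` performs: every read is charged against a budget before any buffer is allocated, so an attacker-chosen length prefix fails the limit instead of driving an allocation. `SyncResponse`, its wire layout and the value of `MAX_SYNC_PAYLOAD_SIZE` are assumptions.

```rust
use std::convert::{TryFrom, TryInto};

/// Hypothetical cap on one peer sync payload, in bytes; tune to the real protocol.
pub const MAX_SYNC_PAYLOAD_SIZE: u64 = 1024 * 1024;
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    SizeLimit { requested: u64, limit: u64 }, // read would exceed the byte budget
    Truncated,                                // input ends before the declared length
}

/// Byte reader with a running budget, modelled on bincode's bounded size limit:
/// each read is charged against the budget before any buffer is allocated.
pub struct BoundedReader<'a> { buf: &'a [u8], consumed: u64, limit: u64 }
impl<'a> BoundedReader<'a> {
    pub fn new(buf: &'a [u8], limit: u64) -> Self { Self { buf, consumed: 0, limit } }
    fn read(&mut self, n: u64) -> Result<&'a [u8], DecodeError> {
        // Budget check first, so an attacker-chosen length prefix is refused before
        // `to_vec` could try to allocate for it; this is what `with_limit` buys.
        let total = match self.consumed.checked_add(n) {
            Some(t) if t <= self.limit => t,
            _ => return Err(DecodeError::SizeLimit { requested: n, limit: self.limit }),
        };
        let n = n as usize; // already bounded by `limit`, assumed to fit in usize
        if self.buf.len() < n { return Err(DecodeError::Truncated); }
        let (head, rest) = self.buf.split_at(n);
        self.buf = rest;
        self.consumed = total;
        Ok(head)
    }
    pub fn read_u64(&mut self) -> Result<u64, DecodeError> {
        let b: [u8; 8] = self.read(8)?.try_into().expect("read returned 8 bytes");
        Ok(u64::from_le_bytes(b))
    }
    /// u64 LE count then the bytes: how bincode 1.x's legacy `deserialize` lays out a Vec<u8>.
    pub fn read_bytes(&mut self) -> Result<Vec<u8>, DecodeError> {
        let len = self.read_u64()?;
        Ok(self.read(len)?.to_vec())
    }
}

/// Stand-in for the net_sync_manager response type (assumed shape).
#[derive(Debug, PartialEq)]
pub struct SyncResponse { pub payload: Vec<u8> }
impl TryFrom<Vec<u8>> for SyncResponse {
    type Error = DecodeError;
    fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
        let mut r = BoundedReader::new(&value, MAX_SYNC_PAYLOAD_SIZE);
        Ok(SyncResponse { payload: r.read_bytes()? })
    }
}
```

The limit counts the length prefix as well as the body, which is why a budget of 10 rejects an 11-byte message even though its declared length is honest.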