Skip to content

fix: validate BytesValue length in KeyValuePair encoding#130

Open
diegocatalao wants to merge 1 commit into
cloudflare:mainfrom
diegocatalao:fix/validate-bytes-value-into-kvp-encoding
Open

fix: validate BytesValue length in KeyValuePair encoding#130
diegocatalao wants to merge 1 commit into
cloudflare:mainfrom
diegocatalao:fix/validate-bytes-value-into-kvp-encoding

Conversation

@diegocatalao

Copy link
Copy Markdown

Per draft-ietf-moq-transport-15 section 1.4.2, the maximum length of a BytesValue is 2^16-1 bytes. Previously, the code would accept BytesValues exceeding this limit during encoding, which could cause protocol violations when the peer attempts to decode the message. Now checks if the BytesValue length exceeds u16::MAX before encoding and returns EncodeError::InvalidValue if the limit is exceeded, matching the existing validation in the decode path.

Fixes cloudflare#128

Per draft-ietf-moq-transport-15 section 1.4.2, the maximum length of a
BytesValue is 2^16-1 bytes. Previously, the code would accept BytesValues
exceeding this limit during encoding, which could cause protocol violations
when the peer attempts to decode the message. Now checks if the BytesValue
length exceeds u16::MAX before encoding and returns EncodeError::InvalidValue
if the limit is exceeded, matching the existing validation in the decode path.
@diegocatalao diegocatalao force-pushed the fix/validate-bytes-value-into-kvp-encoding branch from ad89227 to 6d36e45 Compare January 6, 2026 16:42
@ganavijayaram

ganavijayaram commented Jan 7, 2026

Copy link
Copy Markdown

A question which is out of scope, is Cloudflare's implementation compatible with WARP/MSF draft-1?

@diegocatalao

Copy link
Copy Markdown
Author

A question which is out of scope, is Cloudflare's implementation compatible with WARP/MSF draft-1?

sorry, i don't know. maybe @englishm can answer you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants