
Internal error with large trusted comment

Open DemiMarie opened this issue 3 years ago • 2 comments

The following command causes xfprintf() overflow:

minisign -S -H -x s.pub.sig -t "$(python3 -c 'print("x" * 8192)')" -s m.sec -m s.pub

DemiMarie, Feb 20 '22 03:02

Comments are human-readable one-liners.

Is there a reasonable use case for having a line that is more than 4096 bytes long? Even with a lot of emojis, the limit sounds reasonable :)

jedisct1, Feb 20 '22 10:02

Comments are human-readable one-liners.

Is there a reasonable use case for having a line that is more than 4096 bytes long? Even with a lot of emojis, the limit sounds reasonable :)

I can imagine people putting lots of machine-readable metadata there, but I also understand if you don’t support that use-case. More important (to me) is that the limit should be consistent between signing and verification, and that violating it should give a decent error message. “xfprintf() overflow” seems to imply an internal error, rather than a user error.

DemiMarie, Feb 20 '22 15:02
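
The behaviour asked for in the last comment, one limit shared by signing and verification and a user-level error when it is exceeded, can be sketched as below. This is an added example, not minisign's code: the `tc_*` names are hypothetical, and the 4096-byte cap on the whole line is an assumption taken from the figure mentioned in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 4096-byte cap on the whole line, from the figure in the thread. */
#define TC_LINE_MAX 4096
#define TC_PREFIX   "trusted comment: "

enum tc_status { TC_OK = 0, TC_TOO_LONG, TC_MULTILINE };

/* One validator (hypothetical) called by both the signing and verifying paths. */
enum tc_status tc_validate(const char *comment)
{
    if (strpbrk(comment, "\r\n") != NULL)
        return TC_MULTILINE;               /* comments are one-liners */
    /* prefix + comment + '\n' + NUL must fit in TC_LINE_MAX bytes */
    if (strlen(comment) > TC_LINE_MAX - sizeof TC_PREFIX - 1)
        return TC_TOO_LONG;
    return TC_OK;
}

/* Formats the line; on bad input returns -1 and sets *st to a user-level reason. */
int tc_format_line(char *out, size_t outlen, const char *comment,
                   enum tc_status *st)
{
    int n;
    if ((*st = tc_validate(comment)) != TC_OK)
        return -1;
    n = snprintf(out, outlen, TC_PREFIX "%s\n", comment);
    if (n < 0 || (size_t) n >= outlen) {   /* defence in depth: truncated */
        *st = TC_TOO_LONG;
        return -1;
    }
    return n;
}

/* Constructed input: a comment of n 'x' bytes, like the command in the report. */
enum tc_status tc_demo(size_t n)
{
    static char comment[8193], line[TC_LINE_MAX];
    enum tc_status st = TC_TOO_LONG;
    if (n < sizeof comment) {
        memset(comment, 'x', n);
        comment[n] = '\0';
        (void) tc_format_line(line, sizeof line, comment, &st);
    }
    return st;
}

int main(void)
{
    puts(tc_demo(8192) == TC_TOO_LONG ? "Error: trusted comment too long" : "ok");
    return 0;
}
```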