capnpy
capnpy.load(f, payload_type) message size
capnpy.load(f, payload_type): load a message from a file-like object
Should have a maximum message size parameter or internal check to avoid hanging in case a response message is unreasonably large.
Yes, it might be a good idea. In general, there are many ways in which a malicious message could affect an implementation. Here are some examples, from the official capnproto docs: https://capnproto.org/encoding.html#security-considerations
Admittedly, capnpy was not implemented with malicious messages in mind. I would not be opposed to adding support for it, assuming it doesn't impact performance. It is unlikely I'll do it by myself though, so PRs are welcome :)
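One way to do the size check requested in this issue, as an added example that is not part of the thread and is not capnpy code: read the segment table first and reject the message before waiting for its body. It assumes the standard Cap'n Proto stream framing; `read_bounded_message`, `MessageTooLarge` and both limits are hypothetical names and values.

```python
import io
import struct

MAX_SEGMENTS = 512             # assumed limit, not a capnpy setting
MAX_MESSAGE_BYTES = 64 << 20   # assumed limit (64 MiB), not a capnpy setting

class MessageTooLarge(ValueError):
    """The segment table declares more data than the caller accepts."""

def _read_exact(f, n):
    buf = f.read(n)
    if len(buf) != n:
        raise EOFError("truncated message: wanted %d bytes, got %d" % (n, len(buf)))
    return buf

def read_bounded_message(f, max_bytes=MAX_MESSAGE_BYTES, max_segments=MAX_SEGMENTS):
    """Read one stream-framed message, checking declared sizes before the body.

    Returns the raw framed bytes (segment table followed by the segments).
    """
    first = _read_exact(f, 4)
    nsegs = struct.unpack("<I", first)[0] + 1         # field stores count - 1
    if nsegs > max_segments:
        raise MessageTooLarge("%d segments > limit %d" % (nsegs, max_segments))
    sizes_raw = _read_exact(f, 4 * nsegs)
    sizes = struct.unpack("<%dI" % nsegs, sizes_raw)  # sizes are in 8-byte words
    # The table is 4 * (nsegs + 1) bytes, padded to a multiple of 8.
    padding = _read_exact(f, 4) if nsegs % 2 == 0 else b""
    body_len = 8 * sum(sizes)
    if body_len > max_bytes:
        raise MessageTooLarge("%d body bytes > limit %d" % (body_len, max_bytes))
    return first + sizes_raw + padding + _read_exact(f, body_len)

# Constructed inputs: one well-formed single-word message, and an 8-byte header
# that declares a ~4 GiB segment without sending it.
SAMPLE_OK = struct.pack("<II", 0, 1) + b"\x00" * 8
SAMPLE_HOSTILE = struct.pack("<II", 0, 0x1FFFFFFF)

if __name__ == "__main__":
    print(len(read_bounded_message(io.BytesIO(SAMPLE_OK))), "bytes accepted")
    try:
        read_bounded_message(io.BytesIO(SAMPLE_HOSTILE))
    except MessageTooLarge as exc:
        print("rejected:", exc)
```

The returned bytes can be wrapped in `io.BytesIO` and handed to `capnpy.load(f, payload_type)`, so the bound is enforced before any parsing happens. On a socket, pair it with a read timeout, since the size check alone does not stop a peer that declares a small message and then stalls.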