webauthn-swift
Replace SwiftCBOR with PotentCodable
There is a bug in SwiftCBOR causing an application to crash when decoding large amounts of random (/invalid CBOR) bytes. I tried to find the source of this problem in SwiftCBOR, but wasn't successful with that unfortunately.
For what it's worth, if we want to still use SwiftCBOR, I submitted a fix here https://github.com/valpackett/SwiftCBOR/pull/101 that we can use as a subclass to CBORDecoder if they don't merge the fix.
> that we can use as a subclass to CBORDecoder if they don't merge the fix
nvm, it seems like CBORDecoder is not open, so it can't be subclassed 🫠
Ah nice! I didn't mention it in this PR yet but PotentCodable has the exact same issue :D
I'd still prefer to migrate to PotentCodable since it seems to be more actively maintained. @dimitribouniol would you be okay with shipping the same fix to PotentCodable? I created an issue a few weeks ago here: https://github.com/outfoxx/PotentCodables/issues/65
Yeah, I saw it afterwards haha. It should be possible, though it'll be a bit more involved since PotentCodables uses a struct for reading, so we'll need to pass the depth down to everything which is a bit more error prone.
Should we consider instead forking SwiftCBOR, cleaning it up with documentation and additional niceties (OrderedDictionaries for one), and making it available under the swift-server umbrella? Their license permits this, though I wanted to check first here to see if there was interest and to also ask Val via Mastodon or something if they were alright with it.
It should probably live in the swift-server-community org but I'd prefer to see the changes upstreamed if the maintainer is happy to accept a PR
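The thread above mentions passing a depth down through a struct-based reader. The sketch below is an added example, not code from SwiftCBOR, PotentCodables or this PR: it validates one CBOR item while refusing input nested deeper than a limit. `BoundedCBORReader`, `CBORError` and `maxDepth` are hypothetical names, the limit of 16 is an assumed value, and it assumes the depth guards nested arrays, maps and tags; indefinite-length items are rejected to keep it short.

```swift
// Added example; BoundedCBORReader, CBORError and maxDepth are hypothetical names.
enum CBORError: Error { case truncated, depthExceeded, unsupported }

struct BoundedCBORReader {
    let bytes: [UInt8]
    let maxDepth: Int          // assumed limit, not a value from either library
    var offset = 0

    init(_ bytes: [UInt8], maxDepth: Int = 16) {
        self.bytes = bytes
        self.maxDepth = maxDepth
    }

    private mutating func take(_ count: Int) throws -> ArraySlice<UInt8> {
        guard count >= 0, count <= bytes.count - offset else { throw CBORError.truncated }
        defer { offset += count }
        return bytes[offset..<(offset + count)]
    }

    // Argument from the low 5 bits of the initial byte (definite lengths only).
    private mutating func argument(_ info: UInt8) throws -> UInt64 {
        switch info {
        case 0...23: return UInt64(info)
        case 24...27: return try take(1 << Int(info - 24)).reduce(UInt64(0)) { ($0 << 8) | UInt64($1) }
        default: throw CBORError.unsupported   // reserved values, indefinite lengths
        }
    }

    // Validates one data item. The reader is a struct, so depth is passed down explicitly.
    mutating func skipItem(depth: Int = 0) throws {
        guard depth <= maxDepth else { throw CBORError.depthExceeded }
        let initial = try take(1).first!
        let arg = try argument(initial & 0x1f)
        switch initial >> 5 {
        case 2, 3:                               // byte string, text string
            guard let length = Int(exactly: arg) else { throw CBORError.truncated }
            _ = try take(length)
        case 4, 5:                               // array, map (two items per entry)
            let perEntry = (initial >> 5) == 5 ? 2 : 1
            var remaining = arg                  // untrusted count: iterate, never preallocate
            while remaining > 0 {
                for _ in 0..<perEntry { try skipItem(depth: depth + 1) }
                remaining -= 1
            }
        case 6: try skipItem(depth: depth + 1)   // tag wraps one nested item
        default: break                           // integers, simple values, floats
        }
    }
}

// Constructed input: 100_000 nested one-element arrays (0x81) around the integer 0.
var reader = BoundedCBORReader([UInt8](repeating: 0x81, count: 100_000) + [0x00])
do { try reader.skipItem() } catch { print("rejected:", error) }
```

Every recursive call site has to forward `depth + 1`, which is the error-prone part the comment above refers to: a nested path that forgets to pass it restarts the count at zero.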