Description
Before processing any inbound message -- signature replies, auditor payloads, or distribution acks -- enforce a maximum message-size limit and reject oversized or malformed payloads immediately. This prevents a responder from forcing the view to allocate unbounded memory for deserialization or signature verification. Pair size checks with schema/format validation so that structurally invalid messages are dropped at the earliest possible point in the pipeline.
Short Summary
Add max message size limits before deserializing signature replies, auditor payloads, distribution acks
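A sketch of the size-then-schema ordering described above, as an added example that is not the project's own code. It is written in Go with a JSON wire format, both assumed since the page names neither; the `SignatureReply` type, its fields, the error values and the two ceilings are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Assumed ceilings in bytes; the page does not give values.
const MaxSignatureReply, MaxSignatureLen = 4 << 10, 128
var ErrTooLarge = errors.New("message exceeds size limit")
var ErrMalformed = errors.New("malformed message")

// SignatureReply is a hypothetical wire schema for this example.
type SignatureReply struct {
	TxID      string `json:"tx_id"`
	Signature []byte `json:"signature"`
}

// ParseSignatureReply checks size, then schema, then fields.
func ParseSignatureReply(r io.Reader) (*SignatureReply, error) {
	// Reading limit+1 bytes reveals an oversized sender without buffering it all.
	raw, err := io.ReadAll(io.LimitReader(r, MaxSignatureReply+1))
	if err != nil {
		return nil, err
	}
	if len(raw) > MaxSignatureReply {
		return nil, ErrTooLarge
	}
	var m SignatureReply
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // unknown keys violate the schema
	if err := dec.Decode(&m); err != nil {
		return nil, fmt.Errorf("%w: %v", ErrMalformed, err)
	}
	if _, err := dec.Token(); err != io.EOF { // reject trailing data
		return nil, fmt.Errorf("%w: trailing data", ErrMalformed)
	}
	if m.TxID == "" || len(m.Signature) == 0 || len(m.Signature) > MaxSignatureLen {
		return nil, fmt.Errorf("%w: bad field", ErrMalformed)
	}
	return &m, nil
}

func main() {
	// Constructed input: one byte over the ceiling.
	_, err := ParseSignatureReply(bytes.NewReader(make([]byte, MaxSignatureReply+1)))
	fmt.Println(err)
}
```

Signature verification would only run on the value this function returns, so neither oversized nor structurally invalid input reaches it.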