Add early length validation in check_label#230
Merged
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Oversized labels can still reach expensive contextual validation through
lower-level label-processing entry points such as:
CONTEXTJ/CONTEXTO validation may scan the full label repeatedly so very large attacker-controlled labels can drive pathological O(n²) processing.
This patch adds an early length guard in check_label(), the shared validation path used by all label-processing APIs, rejecting oversized labels before expensive validation executes.
The implementation uses valid_string_length(..., trailing_dot=True) to preserve existing UTS #46 lenient handling behavior while still bounding worst-case processing time.
Tests are added to verify prompt rejection across: