Bug report:
Vortex::try_from(Bytes) accepts Close packets with a non-empty value, even though Close is documented and serialized as a zero-length packet.
Expected behavior:
It should reject malformed Close packets with InvalidLength.
How to reproduce it:
use bytes::{BufMut, Bytes, BytesMut};
use vortex_protocol::{Header, Vortex};
use vortex_protocol::tlv::Tag;
let header = Header::new(Tag::Close, 4);
let header_bytes: Bytes = header.into();
let value = Bytes::from_static(b"test");
let mut packet_bytes = BytesMut::new();
packet_bytes.extend_from_slice(&header_bytes);
packet_bytes.extend_from_slice(&value);
let packet = Vortex::try_from(packet_bytes.freeze());
assert!(packet.is_err());
Current behavior on main: this parses as Vortex::Close(_). If it is serialized again, the payload is dropped.
This is triggerable in practice. The malformed packet is only 10 bytes total, so no cloud quota, API limit, MTU, or resource ceiling gets in the way. Any buggy or malicious peer can send it.
Environment:
- Vortex version:
main / 0.1.5
- OS: Linux
- Others: tiny payload, no special setup needed
Bug report:
Vortex::try_from(Bytes)acceptsClosepackets with a non-empty value, even thoughCloseis documented and serialized as a zero-length packet.Expected behavior:
It should reject malformed
Closepackets withInvalidLength.How to reproduce it:
Current behavior on
main: this parses asVortex::Close(_). If it is serialized again, the payload is dropped.This is triggerable in practice. The malformed packet is only 10 bytes total, so no cloud quota, API limit, MTU, or resource ceiling gets in the way. Any buggy or malicious peer can send it.
Environment:
main/0.1.5