tor-bytes read Truncated nested length read loop trouble
We have loops in where when we get Truncated we try to read more data.
But Truncated can occur both because the outer buffer didn't contain enough data, but also because an inner sub-structure with a counted length didn't contain enough data for whatever we deserialise from it.
In the latter case, the outer read loop will try to read more data.
If more data is available, the outer read loop will read ahead until it reaches its buffer size limit. Otherwise, it will hang.
I think this is only a performance problem. But maybe it could mean that the less-trusted author of an inner message could cause an outer protocol to get stuck?
Prompted by discussions in !2390 (merged) which made me think about this kind of question.
I am marking this confidential so that we can think properly about whether I'm right that this isn't a security issue.