repeated Property properties = 3 in the Pong message carries no documented upper bound on the number of entries.
A Node (or a network-level MITM) can send a Pong with an arbitrarily large properties list. The client must deserialize and store every entry, so its memory footprint scales with the list length with no protocol-level cap.
The same class of defect has already been documented for Pong.servers (#25), Pong.gauges (#26), and Ping.canaries (#23), but Pong.properties was missed. The fix is a comment above the field in pong.proto stating the maximum entry count — something close to the number of country slots the platform actually supports works as the bound.
repeated Property properties = 3 in the Pong message carries no documented upper bound on the number of entries.
A Node (or a network-level MITM) can send a Pong with an arbitrarily large properties list. The client must deserialize and store every entry, so its memory footprint scales with the list length with no protocol-level cap.
The same class of defect has already been documented for Pong.servers (#25), Pong.gauges (#26), and Ping.canaries (#23), but Pong.properties was missed. The fix is a comment above the field in pong.proto stating the maximum entry count — something close to the number of country slots the platform actually supports works as the bound.