This is a security issue relating to AttestedTlsServer / AttestedTlsClient.
Both server and client read a 4‑byte length prefix and allocate a Vec of that size without a cap. A malicious peer can send a huge length and force large allocations. This happens in src/attested_tls.rs:165–172 and src/attested_tls.rs:349–355.
Mitigation would be to cap this at a sensible length - considerably larger than current attestation evidence payloads, but not dangerously high.
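A sketch of the capped read described above, as an added example rather than the project's own code. The names `read_frame_capped`, `frame` and `MAX_EVIDENCE_LEN`, the 1 MiB value, the big-endian prefix and the synchronous `std::io::Read` interface are all assumptions made for illustration.

```rust
use std::io::{self, Cursor, Read};

// Assumed cap for illustration; the project would choose its own value.
const MAX_EVIDENCE_LEN: usize = 1 << 20; // 1 MiB

// Reads a 4-byte length prefix (big-endian assumed here) followed by the
// payload, rejecting the declared length before any allocation happens.
fn read_frame_capped<R: Read>(r: &mut R, max_len: usize) -> io::Result<Vec<u8>> {
    let mut prefix = [0u8; 4];
    r.read_exact(&mut prefix)?;
    let len = u32::from_be_bytes(prefix) as usize;
    if len > max_len {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("declared length {} exceeds cap {}", len, max_len),
        ));
    }
    let mut buf = vec![0u8; len]; // allocation is now bounded by max_len
    r.read_exact(&mut buf)?; // a short payload surfaces as UnexpectedEof
    Ok(buf)
}

// Builds a constructed frame for the demo: length prefix, then payload bytes.
fn frame(declared_len: u32, payload: &[u8]) -> Vec<u8> {
    let mut out = declared_len.to_be_bytes().to_vec();
    out.extend_from_slice(payload);
    out
}

fn main() {
    // Well-formed frame: accepted.
    let good = frame(5, b"hello");
    println!("{:?}", read_frame_capped(&mut Cursor::new(good), MAX_EVIDENCE_LEN));

    // Prefix claims ~4 GiB with no payload: rejected without allocating.
    let hostile = frame(u32::MAX, b"");
    println!("{:?}", read_frame_capped(&mut Cursor::new(hostile), MAX_EVIDENCE_LEN));
}
```

Returning a distinct error kind for the oversized case lets the caller close the connection and log the peer separately from ordinary truncated reads.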