• src/ssh/TODO.md ssh-trans

    From Deuce@VERT to Git commit to main/sbbs/m on Wednesday, March 25, 2026 23:06:00
    https://gitlab.synchro.net/main/sbbs/-/commit/2b6b076b726680ff6a883133
    Modified Files:
    src/ssh/TODO.md ssh-trans.c
    Log Message:
    Fix three arithmetic issues found by exhaustive audit

    - send_packet: guard 5+payload_len and 4+packet_length against
    size_t overflow before use in padding calc and buffer sizing
    - KEXINIT name-list parser: fix infinite loop when nlen==UINT32_MAX
    (j<=nlen with j++ wraps to 0 and never terminates)
    - TODO: document channel ID collision risk on uint32_t wrap

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
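
The two arithmetic failure modes named in the commit above, as an added example (not code from the Synchronet repository; all function names here are hypothetical): an inclusive `j <= nlen` loop on a `uint32_t` cannot terminate when `nlen == UINT32_MAX`, and an unchecked `size_t` sum can wrap before it is used to size a buffer. The `budget` parameter exists only so the demonstration of the buggy loop returns.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bug shape: with nlen == UINT32_MAX, "j <= nlen" can never be false, so
 * j++ wraps to 0 and the loop spins. budget only lets this demo return. */
static bool inclusive_loop_exits(uint32_t j, uint32_t nlen, unsigned budget)
{
	for (; budget-- > 0; j++)   /* j++ wraps: UINT32_MAX + 1 == 0 */
		if (!(j <= nlen))
			return true;        /* loop condition finally failed */
	return false;
}

/* Guarded add, as for 5+payload_len: fail instead of wrapping size_t. */
static bool add_size(size_t a, size_t b, size_t *sum)
{
	if (a > SIZE_MAX - b)
		return false;
	*sum = a + b;
	return true;
}

/* Bounded name-list read; returns bytes consumed, or 0 if malformed. */
static size_t read_name_list(const uint8_t *buf, size_t buflen, size_t pos)
{
	if (pos > buflen || buflen - pos < 4)
		return 0;
	uint32_t nlen = ((uint32_t)buf[pos] << 24) | ((uint32_t)buf[pos + 1] << 16)
	    | ((uint32_t)buf[pos + 2] << 8) | (uint32_t)buf[pos + 3];
	if (nlen > buflen - pos - 4)
		return 0;         /* length claims more than the packet holds */
	for (uint32_t j = 0; j < nlen; j++) {  /* strict <, nlen already bounded */
		uint8_t c = buf[pos + 4 + j];
		if (c <= ' ' || c >= 127)
			return 0;     /* names are printable US-ASCII only */
	}
	return 4 + (size_t)nlen;
}

int main(void)
{
	const uint8_t hostile[] = { 0xff, 0xff, 0xff, 0xff, 'a' }; /* constructed */
	size_t sum;
	return (read_name_list(hostile, sizeof hostile, 0) == 0
	    && !inclusive_loop_exits(UINT32_MAX - 2, UINT32_MAX, 8)
	    && !add_size(5, SIZE_MAX, &sum)) ? 0 : 1;
}
```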
  • From Deuce@VERT to Git commit to main/sbbs/m on Saturday, March 28, 2026 12:55:00
    https://gitlab.synchro.net/main/sbbs/-/commit/0bab6743afaf7fbe0cdb3a18
    Modified Files:
    src/ssh/TODO.md ssh-trans.c ssh-trans.h src/ssh/test/test_selftest.c
    Log Message:
    Close item 69: buffer in-flight data during self-initiated rekey

    The kexinit wait loop silently discarded non-KEXINIT messages received
    between sending our KEXINIT and receiving the peer's. RFC 4253 s7.1
    restricts message types on the SENDER only; the peer may have valid
    connection-layer messages in flight. Added a rekey message queue that
    buffers these messages and replays them through recv_packet() after
    rekey completes. Also fixed a latent bug where recv_packet's default
    case set rekey_pending during an active rekey, which would have caused
    nested rekey attempts with enough in-flight packets.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

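
A bounded queue of the kind the commit above describes, as an added example (not code from the Synchronet repository; the names, the slot limits and the choice to reject rather than drop are assumptions of this sketch). It relies on the SSH message-number ranges: 1-19 transport-layer generic, 20 KEXINIT, 30-49 key-exchange method, 50 and above for higher layers.

```c
#include <stdint.h>
#include <string.h>

#define MSG_KEXINIT 20  /* SSH_MSG_KEXINIT */
#define QUEUE_SLOTS 4   /* assumed cap: the peer must not grow this freely */
#define SLOT_BYTES  64  /* assumed per-message cap for this sketch */
enum wait_result { GOT_KEXINIT, HANDLE_NOW, QUEUED, REJECTED };
struct rekey_queue {
	struct { uint8_t msg[SLOT_BYTES]; size_t len; } slot[QUEUE_SLOTS];
	size_t head, count;
};

/* Classify one packet that arrives after our KEXINIT was sent and before
 * the peer's KEXINIT is seen. payload[0] is the SSH message number. */
static enum wait_result rekey_wait_packet(struct rekey_queue *q,
    const uint8_t *payload, size_t len)
{
	if (len == 0)
		return REJECTED;
	if (payload[0] == MSG_KEXINIT)
		return GOT_KEXINIT;
	if (payload[0] >= 1 && payload[0] < MSG_KEXINIT)
		return HANDLE_NOW;  /* transport-layer generic: IGNORE, DEBUG, ... */
	if (payload[0] < 50 || q->count == QUEUE_SLOTS || len > SLOT_BYTES)
		return REJECTED;    /* kex-range message, or queue limits exceeded */
	memcpy(q->slot[q->count].msg, payload, len);
	q->slot[q->count++].len = len;
	return QUEUED;          /* in-flight higher-layer data: keep, don't drop */
}

/* After the rekey completes: return queued packets in arrival order. */
static const uint8_t *rekey_next(struct rekey_queue *q, size_t *len)
{
	if (q->head == q->count)
		return NULL;        /* drained */
	*len = q->slot[q->head].len;
	return q->slot[q->head++].msg;
}

int main(void)
{
	struct rekey_queue q = { 0 };
	const uint8_t data[] = { 94, 0, 0, 0, 1 };  /* constructed CHANNEL_DATA stub */
	const uint8_t kexinit[] = { MSG_KEXINIT };  /* constructed, type byte only */
	size_t len = 0;
	return (rekey_wait_packet(&q, data, sizeof data) == QUEUED
	    && rekey_wait_packet(&q, kexinit, sizeof kexinit) == GOT_KEXINIT
	    && rekey_next(&q, &len)[0] == 94 && len == sizeof data) ? 0 : 1;
}
```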
  • From Deuce@VERT to Git commit to main/sbbs/m on Saturday, March 28, 2026 12:55:00
    https://gitlab.synchro.net/main/sbbs/-/commit/9f6265e5b8324eb042024b8f
    Modified Files:
    src/ssh/TODO.md ssh-trans.c
    Log Message:
    Close item 17: replace cascading cleanup with goto in transport_init/newkeys

    transport_init: 7 allocation failure points (4 buffers + 3 sync
    primitives) each duplicated cleanup of all prior resources. Replaced
    with goto init_cleanup; bool flags track which sync primitives need
    destroying.

    newkeys: 6 key buffer mallocs had cascading cleanse_free chains;
    replaced with NULL-initialized pointers and goto keys_cleanup
    (reusing the existing label). Also simplified the post-derive_key
    error block from 8 lines to a single goto.

    Eliminates ~50 lines of duplicated cleanup code across 8 error paths.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  • From Deuce@VERT to Git commit to main/sbbs/m on Saturday, March 28, 2026 12:55:00
    https://gitlab.synchro.net/main/sbbs/-/commit/bb749b57be1a596b01d60496
    Modified Files:
    src/ssh/TODO.md ssh-trans.c src/ssh/test/dssh_test_internal.h test_transport.c
    Log Message:
    Close items 19, 20, 22: decompose kexinit/newkeys, clean up derive_key

    kexinit() (~330 lines) split into build_kexinit_packet,
    receive_peer_kexinit, dssh_test_parse_peer_kexinit (DSSH_TESTABLE
    pure parser), and negotiate_algorithms. Eliminates KEXINIT_SER_NL
    macro and if(0){kexinit_fail:} goto pattern.

    newkeys() (~280 lines) split into dssh_test_encode_k_wire
    (DSSH_TESTABLE pure K wire encoder) and derive_and_apply_keys.

    derive_key() refactored: chained || OpenSSL calls replaced with
    sequential checks; 3 duplicated cleanup blocks unified via goto.

    11 new unit tests: 6 for parse_peer_kexinit (valid, control char,
    name too long, truncated, too short, first_kex_follows), 5 for
    encode_k_wire (mpint no pad, sign pad, empty, string, string empty).
    Previously-SKIP kexinit/peer_trunc_namelist now implemented.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  • From Deuce@VERT to Git commit to main/sbbs/m on Saturday, March 28, 2026 12:55:00
    https://gitlab.synchro.net/main/sbbs/-/commit/2847d48b73aae37bc5d65896
    Modified Files:
    src/ssh/TODO.md ssh-trans.c ssh-trans.h ssh.c src/ssh/test/dssh_test_internal.h
    Log Message:
    Move session lifecycle to ssh-trans.c, demote 9 functions to static

    Move dssh_session_init, dssh_session_terminate,
    dssh_session_is_terminated, dssh_session_cleanup from ssh.c to
    ssh-trans.c so they can call transport_init/transport_cleanup directly.

    9 ssh-trans.c functions demoted from DSSH_PRIVATE:
    - transport_init, transport_cleanup, find_kex -> static
    - version_exchange, kexinit, kex, newkeys, rekey, rekey_needed
      -> DSSH_TESTABLE (static in production, visible to tests)

    Removes 11 declarations from ssh-trans.h, cleans up
    dssh_test_internal.h. TODO items 98-99 added (callback setter
    UB, typedef layering).

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
