1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/TODO.md src/ssh/kex/dh-gex-sha256.c src/ssh/ssh-arch.c ssh-aut

    From Deuc¿@VERT to Git commit to main/sbbs/master on Fri Mar 27 05:30:23 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/ff68af17f401a99d55f7c16d
    Modified Files:
    src/ssh/TODO.md src/ssh/kex/dh-gex-sha256.c src/ssh/ssh-arch.c ssh-auth.c ssh-trans.c
    Log Message:
    Fix serialize overflow checks that can wrap size_t on 32-bit

    Convert all *pos + N > bufsz bounds checks to subtraction form
    (*pos > bufsz || N > bufsz - *pos) to prevent size_t wraparound.
    Also fix flush_pending_banner() strlen-to-uint32_t truncation and serialize_namelist_from_str() silent truncation to UINT32_MAX.

    Closes TODO items 2, 7, 21.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net