• src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-s

    From Deucе@VERT to Git commit to main/sbbs/master on Wednesday, March 25, 2026 23:06:00
    https://gitlab.synchro.net/main/sbbs/-/commit/c4f45ec61d6977c200170917
    Modified Files:
    src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c src/ssh/ssh-auth.c ssh-chan.c ssh-conn.c ssh-trans.c
    Log Message:
    Guard all arithmetic against overflow and underflow

    Every size computation before malloc is now checked against
    SIZE_MAX to prevent wrapping on platforms with small size_t.
    Cumulative counters (bytes_since_rekey, bytebuf total, msgqueue
    total_bytes/count) use saturating adds. Channel capacity doubling
    checks SIZE_MAX/2 and SIZE_MAX/sizeof(*).

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
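
The three guards named in the log message above (checked size computation before malloc, saturating counters, and capacity doubling checked against SIZE_MAX/2 and SIZE_MAX/sizeof), shown as an added example in C. This is not code from the commit or the Synchronet tree; every function and type name here (`size_add`, `sat_add`, `alloc_packet`, `chan_table`) and the initial capacity of 4 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; no name here comes from the commit. */
/* Checked add: returns false if a + b would wrap past SIZE_MAX. */
static bool size_add(size_t a, size_t b, size_t *out)
{
	if (a > SIZE_MAX - b)
		return false;
	*out = a + b;
	return true;
}

/* Saturating add for cumulative counters: pins at SIZE_MAX instead of wrapping to a small value. */
static size_t sat_add(size_t total, size_t n)
{
	return n > SIZE_MAX - total ? SIZE_MAX : total + n;
}

/* Allocate header + payload bytes; fail rather than under-allocate on wrap. */
static void *alloc_packet(size_t header, size_t payload)
{
	size_t total = 0;
	return size_add(header, payload, &total) ? malloc(total) : NULL;
}

struct chan_table { void **slots; size_t cap; };

/* Double capacity: check the element count (SIZE_MAX/2), then the byte count (SIZE_MAX/sizeof). */
static bool chan_table_grow(struct chan_table *t)
{
	if (t->cap > SIZE_MAX / 2)
		return false;
	size_t ncap = t->cap ? t->cap * 2 : 4; /* 4 is a constructed starting size */
	if (ncap > SIZE_MAX / sizeof(*t->slots))
		return false;
	void **n = realloc(t->slots, ncap * sizeof(*t->slots));
	if (n == NULL)
		return false;
	t->slots = n; /* new slots are uninitialised; the caller fills them */
	t->cap = ncap;
	return true;
}

int main(void)
{
	struct chan_table t = { NULL, SIZE_MAX / 2 + 1 }; /* constructed oversized table */
	return chan_table_grow(&t) || alloc_packet(SIZE_MAX, 16) != NULL || sat_add(SIZE_MAX - 1, 5) != SIZE_MAX;
}
```

The process exits 0 when all three guards reject or saturate the constructed wrapping inputs.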
  • From Deucе@VERT to Git commit to main/sbbs/master on Wednesday, March 25, 2026 23:06:00
    https://gitlab.synchro.net/main/sbbs/-/commit/ae4a4c90d0e7cdd7a860cb40
    Modified Files:
    src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-arch.c ssh-auth.c ssh-conn.c ssh-trans.c
    Log Message:
    Check return value of every dssh_serialize/parse call

    Every call to dssh_serialize_uint32, dssh_parse_uint32, and other
    serialize/parse functions now has its return value checked. Functions
    use a single ret/pv variable declared at function scope, reused for
    each call. Local SER/HASH_U32 macros reduce boilerplate in
    serialization-heavy functions.

    serialize_namelist_from_str changed from void to int.
    Removed #ifndef DSSH_TESTING guards around parse checks in KEX
    modules — return values are always checked regardless of build mode.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
