https://gitlab.synchro.net/main/sbbs/-/commit/0e370436f223521060667d48
Modified Files:
src/ssh/TODO.md src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-conn.c ssh-trans.c
Log Message:
Remove all 31 #ifndef DSSH_TESTING dead-code guards
Every guarded check is now live code that can be reached and tested:
- Buffer size checks in sign/pubkey (ed25519, rsa-sha2-256)
- EVP_PKEY_id type validation in haskey (ed25519, rsa-sha2-256)
- serialize_bn_mpint buffer overflow check (dh-gex)
- KEX ka/verify/pubkey/sign NULL checks (curve25519, dh-gex)
- send_extended_data len > window/max_packet check (ssh-conn)
- demux_dispatch chan_type == 0 check (ssh-conn)
- Channel cleanup ch != NULL check (ssh-conn)
- rekey_time == 0 check (ssh-trans)
- enc->blocksize < 8 checks (ssh-trans)
- kex_selected/handler NULL check (ssh-trans)
- All cleanup != NULL checks in newkeys/transport_cleanup (ssh-trans)
- Namelist overflow checks in KEXINIT building (ssh-trans)
- remote_languages cleanup (ssh-trans)
Only one legitimate guard remains: dssh_parse_string() in ssh-arch.c
checks a dssh_parse_uint32() contract invariant.
Co-Authored-By: Claude Opus 4.6 (1M context) <
noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net