https://gitlab.synchro.net/main/sbbs/-/commit/2b6b076b726680ff6a883133
Modified Files:
src/ssh/TODO.md ssh-trans.c
Log Message:
Fix three arithmetic issues found by exhaustive audit
- send_packet: guard 5+payload_len and 4+packet_length against
size_t overflow before use in padding calc and buffer sizing
- KEXINIT name-list parser: fix infinite loop when nlen==UINT32_MAX
(j<=nlen with j++ wraps to 0 and never terminates)
- TODO: document channel ID collision risk on uint32_t wrap
Co-Authored-By: Claude Opus 4.6 (1M context) <
noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net