https://gitlab.synchro.net/main/sbbs/-/commit/05c38e0b50466307a67fbbe0
Modified Files:
src/ssh/TODO.md audit-4254.md ssh-conn.c ssh-trans.c src/ssh/test/test_conn.c test_transport.c
Log Message:
Fix malformed message parse failures silently dropping required replies

Audited all SSH message types that require a response: GLOBAL_REQUEST
(want_reply), CHANNEL_REQUEST (want_reply), and CHANNEL_OPEN (always
requires CONFIRMATION or FAILURE). Four parse-failure paths silently
dropped the required reply because want_reply was never extracted from
the truncated payload.

Each path now sends the appropriate failure reply (REQUEST_FAILURE,
CHANNEL_FAILURE, or CHANNEL_OPEN_FAILURE) then disconnects with
PROTOCOL_ERROR. The disconnect is necessary because a speculative
reply when want_reply was actually false would corrupt the reply
ordering (RFC 4254 s4/s5.4 match replies by order, not content).
CHANNEL_OPEN_FAILURE carries the peer's channel ID so it's matched
by ID, but the session is still terminated since truncated messages
indicate a broken peer.

Fixes:
- ssh-trans.c recv_packet(): GLOBAL_REQUEST truncated name-length/name
- ssh-conn.c handle_channel_request(): CHANNEL_REQUEST parse failure
- ssh-conn.c chan_accept_setup_loop(): CHANNEL_REQUEST parse failure
- ssh-conn.c demux_channel_open(): CHANNEL_OPEN parse failure (sends
  OPEN_FAILURE when sender-channel extractable, disconnect-only when not)

Updated audit-4254.md sections 4-1, 5.1-4, 5.4-3. Closes TODO item 102.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
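
The CHANNEL_OPEN rule from the commit message (send OPEN_FAILURE when the sender channel can be extracted, disconnect only when it cannot), as an added example that is not the Synchronet ssh-conn.c code. The names `classify_channel_open`, `open_result` and `sample_open` are hypothetical, and the payload is assumed to start after the message-type byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; not the Synchronet ssh-conn.c code. */
enum open_action { OPEN_PARSED, OPEN_FAIL_THEN_DISCONNECT, OPEN_DISCONNECT_ONLY };
struct open_result {
    enum open_action action;
    uint32_t sender_channel, window, max_packet; /* 0 where not extracted */
};

/* Constructed sample: "session", sender channel 5, window 0x200000, max packet 0x8000. */
static const uint8_t sample_open[] = { 0, 0, 0, 7, 's', 'e', 's', 's', 'i', 'o', 'n',
    0, 0, 0, 5,  0, 0x20, 0, 0,  0, 0, 0x80, 0 };

/* Read a big-endian uint32 at *pos and advance; returns 0 if truncated. */
static int get_u32(const uint8_t *p, size_t len, size_t *pos, uint32_t *out)
{
    if (len - *pos < 4)           /* callers keep *pos <= len */
        return 0;
    const uint8_t *b = p + *pos;
    *out = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
    *pos += 4;
    return 1;
}

/* p/len: CHANNEL_OPEN payload after the message-type byte (RFC 4254 s5.1):
 * string channel-type, uint32 sender-channel, uint32 window, uint32 max-packet. */
struct open_result classify_channel_open(const uint8_t *p, size_t len)
{
    struct open_result r = { OPEN_DISCONNECT_ONLY, 0, 0, 0 };
    size_t pos = 0;
    uint32_t type_len;
    if (!get_u32(p, len, &pos, &type_len) || type_len > len - pos)
        return r;                 /* no channel ID to address a failure to */
    pos += type_len;
    if (!get_u32(p, len, &pos, &r.sender_channel))
        return r;
    r.action = OPEN_FAIL_THEN_DISCONNECT;   /* OPEN_FAILURE can name the channel */
    if (!get_u32(p, len, &pos, &r.window) || !get_u32(p, len, &pos, &r.max_packet))
        return r;
    r.action = OPEN_PARSED;
    return r;
}

int main(void)
{
    for (size_t n = 0; n <= sizeof sample_open; n++)  /* every truncation point */
        printf("len %2zu -> action %d\n", n, (int)classify_channel_open(sample_open, n).action);
}
```

Running it over every truncation length of the sample shows where the decision flips: lengths below 15 give disconnect-only, 15 through 22 give failure-then-disconnect, and only the full 23 bytes parse.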