src/ssh/TODO.md src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ss

BBS:      TELESC.NET.BR
Assunto:  src/ssh/TODO.md src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ss
De:       Deuc¨
Data:     Tue, 24 Mar 2026 20:58:43 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/0e370436f223521060667d48
Modified Files:
	src/ssh/TODO.md src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-conn.c ssh-trans.c
Log Message:
Remove all 31 #ifndef DSSH_TESTING dead-code guards

Every guarded check is now live code that can be reached and tested:
- Buffer size checks in sign/pubkey (ed25519, rsa-sha2-256)
- EVP_PKEY_id type validation in haskey (ed25519, rsa-sha2-256)
- serialize_bn_mpint buffer overflow check (dh-gex)
- KEX ka/verify/pubkey/sign NULL checks (curve25519, dh-gex)
- send_extended_data len > window/max_packet check (ssh-conn)
- demux_dispatch chan_type == 0 check (ssh-conn)
- Channel cleanup ch != NULL check (ssh-conn)
- rekey_time == 0 check (ssh-trans)
- enc->blocksize < 8 checks (ssh-trans)
- kex_selected/handler NULL check (ssh-trans)
- All cleanup != NULL checks in newkeys/transport_cleanup (ssh-trans)
- Namelist overflow checks in KEXINIT building (ssh-trans)
- remote_languages cleanup (ssh-trans)

Only one legitimate guard remains: dssh_parse_string() in ssh-arch.c
checks a dssh_parse_uint32() contract invariant.

Co-Authored-By: Claude Opus 4.6 (1M context) 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]