BBS:      TELESC.NET.BR
Subject:  src/ssh/TODO.md audit-4254.md ssh-conn.c ssh-trans.c src/ssh/test/test
From:     Deuce
Date:     Mon, 30 Mar 2026 10:39:13 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/05c38e0b50466307a67fbbe0
Modified Files:
	src/ssh/TODO.md audit-4254.md ssh-conn.c ssh-trans.c src/ssh/test/test_conn.c test_transport.c
Log Message:
Fix malformed message parse failures silently dropping required replies

Audited all SSH message types that require a response: GLOBAL_REQUEST
(want_reply), CHANNEL_REQUEST (want_reply), and CHANNEL_OPEN (always
requires CONFIRMATION or FAILURE).  Four parse-failure paths silently
dropped the required reply because want_reply was never extracted from
the truncated payload.

Each path now sends the appropriate failure reply (REQUEST_FAILURE,
CHANNEL_FAILURE, or CHANNEL_OPEN_FAILURE) then disconnects with
PROTOCOL_ERROR.  The disconnect is necessary because a speculative
reply when want_reply was actually false would corrupt the reply
ordering (RFC 4254 s4/s5.4 match replies by order, not content).
CHANNEL_OPEN_FAILURE carries the peer's channel ID so it's matched
by ID, but the session is still terminated since truncated messages
indicate a broken peer.

Fixes:
- ssh-trans.c recv_packet(): GLOBAL_REQUEST truncated name-length/name
- ssh-conn.c handle_channel_request(): CHANNEL_REQUEST parse failure
- ssh-conn.c chan_accept_setup_loop(): CHANNEL_REQUEST parse failure
- ssh-conn.c demux_channel_open(): CHANNEL_OPEN parse failure (sends
  OPEN_FAILURE when sender-channel extractable, disconnect-only when not)

Updated audit-4254.md sections 4-1, 5.1-4, 5.4-3. Closes TODO item 102.

Co-Authored-By: Claude Opus 4.6 (1M context) 
---
  Synchronet  Vertrauen  Home of Synchronet  [vert/cvs/bbs].synchro.net
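
The CHANNEL_OPEN case from the log message, as an added example (not the sbbs ssh-conn.c code): a truncated payload gets OPEN_FAILURE only when the sender channel could be read, and the caller is expected to follow either failure outcome with a PROTOCOL_ERROR disconnect. The function names, the enum and the choice of reason code are assumptions made for illustration.

```c
/* Added illustration; names are hypothetical, not taken from ssh-conn.c. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MSG_CHANNEL_OPEN          90   /* RFC 4254 s5.1 */
#define SSH_MSG_CHANNEL_OPEN_FAILURE  92
#define SSH_OPEN_CONNECT_FAILED        2   /* reason code used here: assumption */

enum open_action { OPEN_OK, OPEN_FAIL_THEN_DISCONNECT, OPEN_DISCONNECT_ONLY };

/* Bounds-checked big-endian uint32 read; advances *off only on success. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4) return -1;
    *out = (uint32_t)p[*off] << 24 | (uint32_t)p[*off + 1] << 16
         | (uint32_t)p[*off + 2] << 8 | p[*off + 3];
    *off += 4;
    return 0;
}

/* Parse CHANNEL_OPEN; on failure report whether a reply can still be addressed. */
enum open_action classify_channel_open(const uint8_t *p, size_t len, uint32_t *peer_chan)
{
    size_t off = 1;
    uint32_t type_len, window, max_pkt;
    if (len < 1 || p[0] != SSH_MSG_CHANNEL_OPEN) return OPEN_DISCONNECT_ONLY;
    /* channel type string, then sender channel: both needed to address a reply */
    if (get_u32(p, len, &off, &type_len) || type_len > len - off)
        return OPEN_DISCONNECT_ONLY;
    off += type_len;
    if (get_u32(p, len, &off, peer_chan))
        return OPEN_DISCONNECT_ONLY;
    /* sender channel known: truncation after this point still gets OPEN_FAILURE */
    if (get_u32(p, len, &off, &window) || get_u32(p, len, &off, &max_pkt))
        return OPEN_FAIL_THEN_DISCONNECT;
    return OPEN_OK;
}

/* Build OPEN_FAILURE with empty description and language tag; returns length or 0. */
size_t build_open_failure(uint8_t *out, size_t cap, uint32_t peer_chan)
{
    const uint8_t msg[17] = { SSH_MSG_CHANNEL_OPEN_FAILURE,
        (uint8_t)(peer_chan >> 24), (uint8_t)(peer_chan >> 16),
        (uint8_t)(peer_chan >> 8), (uint8_t)peer_chan,
        0, 0, 0, SSH_OPEN_CONNECT_FAILED };  /* remaining 8 bytes zero: two empty strings */
    if (cap < sizeof msg) return 0;
    memcpy(out, msg, sizeof msg);
    return sizeof msg;
}
```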
