Forum: War Ensemble BBS

src/ssh/enc/aes256-ctr.c src/ssh/kex/curve25519-sha256.c dh-gex-sha256

From Deucе@1:103/705 to Git commit to main/sbbs/master on Wed Mar 25 23:06:00 2026

https://gitlab.synchro.net/main/sbbs/-/commit/7aa05c370a0dbe347d819876
Modified Files:
src/ssh/enc/aes256-ctr.c src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c src/ssh/ssh-auth.c ssh-conn.c ssh-internal.h ssh-trans.c
Log Message:
Range-check all narrowing casts; DSSH_STRLEN macro

Every runtime size_t → uint32_t cast now has an explicit range
check before the narrowing. Casts backed by provable invariants
(received packet lengths, fixed-size buffers, BN_num_bytes chain)
are documented and left as single-use inline casts. Values used
more than once after narrowing get an initializer variable.

DSSH_STRLEN(lit) macro replaces (uint32_t)(sizeof(lit) - 1).
EVP_EncryptUpdate bufsz gets INT_MAX guard. send_packet
arithmetic cast replaced with range-checked initializer.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)