1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/TODO.md

    From Deucе@VERT to Git commit to main/sbbs/master on Tue Mar 24 20:58:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/4a5139db7f89313e10c9755e
    Modified Files:
    src/ssh/TODO.md
    Log Message:
    TODO: audit #ifndef DSSH_TESTING guards for testable paths

    Many dead-code guards wrap error checks that are trivially testable
    by exposing the function via DSSH_TESTABLE and calling it directly.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Mar 25 08:55:56 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/6e9ff687d951ee69fcf48879
    Modified Files:
    src/ssh/TODO.md
    Log Message:
    Move fixed into fixed

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Mar 25 23:06:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a57aef66602bd50893d2eb1e
    Modified Files:
    src/ssh/TODO.md
    Log Message:
    Remove TODO item 12: chan_type==0 window stall is correct behavior

    Dropping data and not replenishing the window when the channel
    type isn't yet determined is correct backpressure — the peer
    backs off until the channel is ready. The SIGFPE crash was the
    real bug, fixed by the capacity==0 guard.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Thu Mar 26 15:33:15 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/67aec6cb8abcc15d9591e033
    Modified Files:
    src/ssh/TODO.md
    Log Message:
    Rewrite TODO.md: 47 open items from core library audit

    Walk-through of ssh-arch.c, ssh-auth.c, ssh-trans.c, ssh-conn.c,
    ssh-chan.c, ssh.c, and all public/internal headers. Covers bugs
    (stack overflows, OOB reads, UAF races, memory leaks), missing
    visibility annotations, OpenSSL exposure in public headers,
    decomposition opportunities, duplicate definitions, magic numbers,
    and documentation inaccuracies.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Fri Mar 27 05:30:23 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/e52a9fe9a94ab3fdfe4fd204
    Modified Files:
    src/ssh/TODO.md
    Log Message:
    Add 34 TODO items from thread safety and design audits

    Thread safety audit (items 51-61): data races in local_window,
    setup-to-normal transition, rekey counters, rekey_in_progress, conn_initialized, algorithm queries, channel write pre-checks,
    global registry set_ctx, and dh-gex set_provider.

    Design/liveness audit (items 62-84): channel close use-after-free,
    window adjust failure stall, poll/accept timeout stacking, unbounded
    waits in open/request/setup/rekey, setup mailbox head-of-line
    blocking, session_start double-call, rekey data loss, auth attempt
    counter, inc leak, transport_init mutex leak, signal vs broadcast,
    bytebuf truncation, msgqueue amplification, I/O under tx_mtx,
    DH-GEX BIGNUM leak, PQ KEX NULL check, window-change callback
    use-after-free, setup malloc hang, accept queue DoS, auth banner
    loop, cleanup hang, and double-lock stale window.

    Also adds previously unnumbered items 45-50 (NULL checks).

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net