_  _    __    ___  __    ___  _____  _  _
 ( \( )  /__\  / __)(  )  / __)(  _  )( \( )
  )  (  /(__)\( (__  )(__( (__  )(_)(  )  (
 (_)\_)(__)(__)\___)(____)\___)(_____)(_)\_)

The History of Hacking  ·  May 31 – June 2, 2026  ·  Carolina Beach, NC

  1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/deucessh-conn.h ssh-conn.c ssh-internal.h ssh-trans.c src/ssh/

    From Deucе@VERT to Git commit to main/sbbs/master on Wed Apr 1 16:21:57 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/5b7759df96efa5972c0a8638
    Modified Files:
    src/ssh/deucessh-conn.h ssh-conn.c ssh-internal.h ssh-trans.c src/ssh/test/dssh_test_internal.h test_chan.c
    Log Message:
    Add configurable event queue cap (default 64) to prevent OOM

    A malicious peer can flood CHANNEL_REQUESTs (signal, break,
    window-change) to grow the event queue without bound. Add a
    per-channel max_events cap (default 64, inherited from session).
    When the queue is full, the demux thread closes the channel.

    - event_queue_push() returns DSSH_ERROR_TOOMANY at cap
    - dssh_session_set_max_events() sets default (before start)
    - dssh_chan_set_max_events() adjusts per-channel (DSSH_ERROR_INVALID
    if cap < current count)
    - Pass 0 to disable the cap
    - All event_queue_push() call sites now check return values

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net