Merge branch 'fix/resource-management' into feat/security-audit-fixes

src/message.c

@@ -28,12 +28,33 @@ int message_load(message_t **messages, int max_messages) {
 
     /* Use a ring buffer approach - keep only last max_messages */
     /* First, count total lines and seek to appropriate position */
-    long file_pos[1000];  /* Track positions of last 1000 lines */
+    /* Use dynamic allocation to handle large log files */
+    long *file_pos = NULL;
+    int pos_capacity = 1000;
     int line_count = 0;
     int start_index = 0;
 
+    /* Allocate initial position array */
+    file_pos = malloc(pos_capacity * sizeof(long));
+    if (!file_pos) {
+        fclose(fp);
+        *messages = msg_array;
+        return 0;
+    }
+
     /* Record file positions */
-    while (fgets(line, sizeof(line), fp) && line_count < 1000) {
+    while (fgets(line, sizeof(line), fp)) {
+        /* Expand array if needed */
+        if (line_count >= pos_capacity) {
+            int new_capacity = pos_capacity * 2;
+            long *new_pos = realloc(file_pos, new_capacity * sizeof(long));
+            if (!new_pos) {
+                /* Out of memory, stop scanning */
+                break;
+            }
+            file_pos = new_pos;
+            pos_capacity = new_capacity;
+        }
         file_pos[line_count++] = ftell(fp) - strlen(line);
     }
 
@@ -100,6 +121,7 @@ int message_load(message_t **messages, int max_messages) {
         count++;
     }
 
+    free(file_pos);
     fclose(fp);
     *messages = msg_array;
     return count;

src/ssh_server.c

@@ -50,12 +50,29 @@ static int setup_host_key(ssh_bind sshbind) {
 
     /* Check if host key exists */
     if (stat(HOST_KEY_FILE, &st) == 0) {
-        /* Load existing key */
+        /* Validate file size */
-        if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, HOST_KEY_FILE) < 0) {
+        if (st.st_size == 0) {
-            fprintf(stderr, "Failed to load host key: %s\n", ssh_get_error(sshbind));
+            fprintf(stderr, "Warning: Empty key file, regenerating...\n");
+            unlink(HOST_KEY_FILE);
+            /* Fall through to generate new key */
+        } else if (st.st_size > 10 * 1024 * 1024) {
+            /* Sanity check: key file shouldn't be > 10MB */
+            fprintf(stderr, "Error: Key file too large (%lld bytes)\n", (long long)st.st_size);
             return -1;
+        } else {
+            /* Verify and fix permissions */
+            if ((st.st_mode & 0077) != 0) {
+                fprintf(stderr, "Warning: Fixing insecure key file permissions\n");
+                chmod(HOST_KEY_FILE, 0600);
+            }
+
+            /* Load existing key */
+            if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, HOST_KEY_FILE) < 0) {
+                fprintf(stderr, "Failed to load host key: %s\n", ssh_get_error(sshbind));
+                return -1;
+            }
+            return 0;
         }
-        return 0;
     }
 
     /* Generate new key */
@@ -827,7 +844,17 @@ int ssh_server_start(int unused) {
 
         /* Create thread for client */
         pthread_t thread;
-        if (pthread_create(&thread, NULL, client_handle_session, client) != 0) {
+        pthread_attr_t attr;
+
+        /* Initialize thread attributes for detached thread */
+        pthread_attr_init(&attr);
+        pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+
+        if (pthread_create(&thread, &attr, client_handle_session, client) != 0) {
+            fprintf(stderr, "Thread creation failed: %s\n", strerror(errno));
+            pthread_attr_destroy(&attr);
+            /* Clean up all resources */
+            pthread_mutex_destroy(&client->ref_lock);
             ssh_channel_close(channel);
             ssh_channel_free(channel);
             ssh_disconnect(session);
@@ -836,7 +863,7 @@ int ssh_server_start(int unused) {
             continue;
         }
 
-        pthread_detach(thread);
+        pthread_attr_destroy(&attr);
     }
 
     return 0;