From 6781aff538806e18a97a59b1d5a58a43e3814906 Mon Sep 17 00:00:00 2001
From: m1ngsama
Date: Sun, 19 Apr 2026 18:13:01 +0800
Subject: [PATCH] fix: correct pubkey auth response, strncpy warning, and NUL byte validation
- auth_pubkey: return SSH_AUTH_SUCCESS for key offers instead of SSH_AUTH_PARTIAL, which incorrectly signals partial authentication
- command history: replace strncpy with snprintf to eliminate -Wstringop-truncation warning on GCC
- utf8_is_valid_sequence: reject NUL byte (0x00) in single-byte validation to prevent C string truncation attacks
Closes #34
---
 src/ssh_server.c | 12 ++++++------
 src/utf8.c | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/ssh_server.c b/src/ssh_server.c
index 9275b91..15f4fb6 100644
--- a/src/ssh_server.c
+++ b/src/ssh_server.c
@@ -1109,9 +1109,8 @@ static void execute_command(client_t *client) {
 (max_hist - 1) * sizeof(client->command_history[0]));
 client->command_history_count = max_hist - 1;
 }
- strncpy(client->command_history[client->command_history_count],
- cmd, sizeof(client->command_history[0]) - 1);
- client->command_history[client->command_history_count][sizeof(client->command_history[0]) - 1] = '\0';
+ snprintf(client->command_history[client->command_history_count],
+ sizeof(client->command_history[0]), "%s", cmd);
 client->command_history_count++;
 client->command_history_pos = client->command_history_count;
 }
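Review bot: The result of the new `snprintf` call is discarded, so a `cmd` longer than one history slot is still stored truncated without any signal, exactly as with the `strncpy` it replaces. A later recall from history would then replay a different string than the one that was executed. If `cmd` is guaranteed to fit a slot (its buffer size is not visible in this hunk), a comment saying so is enough, for example `/* cmd is bounded by <buffer size>, so this cannot truncate */`. Otherwise capture the return value and skip the entry when `n < 0 || (size_t)n >= sizeof(client->command_history[0])`. The body of execute_command starts and ends outside the hunk.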
@@ -1740,10 +1739,11 @@ static int auth_pubkey(ssh_session session, const char *user,
 return SSH_AUTH_DENIED;
 }
- /* Only accept after the signature has been verified by libssh.
- * SSH_PUBLICKEY_STATE_NONE is just a key offer — no proof of possession. */
+ /* SSH_PUBLICKEY_STATE_NONE = key offer (no signature yet).
+ * Return SUCCESS to tell libssh "I accept this key, verify the signature."
+ * SSH_PUBLICKEY_STATE_VALID = signature verified by libssh. */
 if (signature_state != SSH_PUBLICKEY_STATE_VALID) {
- return SSH_AUTH_PARTIAL;
+ return SSH_AUTH_SUCCESS;
 }
 ctx->auth_success = true;
diff --git a/src/utf8.c b/src/utf8.c
index 3a77a1b..7d727ad 100644
--- a/src/utf8.c
+++ b/src/utf8.c
@@ -193,9 +193,9 @@ bool utf8_is_valid_sequence(const char *bytes, int len) {
 uint32_t codepoint = 0;
 switch (len) {
 case 1:
- /* 0xxxxxxx - valid range: 0x00-0x7F */
+ /* 0xxxxxxx - valid range: 0x01-0x7F (reject NUL) */
 codepoint = b[0];
- if (codepoint > 0x7F) return false;
+ if (codepoint == 0 || codepoint > 0x7F) return false;
 break;
 case 2:
 /* 110xxxxx 10xxxxxx - valid range: 0x80-0x7FF */
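Review bot: The rewritten branch in auth_pubkey returns `SSH_AUTH_SUCCESS` for every `signature_state` other than `SSH_PUBLICKEY_STATE_VALID`, not only for a key offer. libssh documents that states other than `SSH_PUBLICKEY_STATE_NONE` and `SSH_PUBLICKEY_STATE_VALID` should be treated as errors, so `SSH_PUBLICKEY_STATE_ERROR` or `SSH_PUBLICKEY_STATE_WRONG` would fail open here if the library ever passes them to the callback. Split the two cases so the offer is the only non-verified state that is accepted: `if (signature_state == SSH_PUBLICKEY_STATE_NONE) return SSH_AUTH_SUCCESS;` followed by `if (signature_state != SSH_PUBLICKEY_STATE_VALID) return SSH_AUTH_DENIED;`. The key check before this branch and the rest of the function are outside the hunk, so it cannot be confirmed from here that the offered key is matched against the authorised keys before the offer is accepted.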
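Review bot: Rejecting U+0000 in `case 1` of utf8_is_valid_sequence is a policy choice rather than a UTF-8 validity rule, since a single 0x00 byte is well-formed UTF-8. Only the inline range comment records this. The function's header comment (outside the hunk) should state the contract, for example `/* U+0000 is rejected by policy: callers store the result in NUL-terminated strings. */`. The 2-byte branch is only partly visible; its range comment suggests the overlong form 0xC0 0x80 is rejected, but that cannot be confirmed from this hunk. A test covering both the single NUL byte and the overlong encoding would pin the behaviour.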