m1ngsama/TNT
1
0
Fork 0
mirror of https://github.com/m1ngsama/TNT.git synced 2026-02-08 00:54:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'fix/input-validation' into feat/security-audit-fixes

Browse source
This commit is contained in:
m1ngsama 2026-01-22 14:07:06 +08:00
commit c1d0723392
2 changed files with 89 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
src/message.c
View file

@ -48,6 +48,13 @@ int message_load(message_t **messages, int max_messages) {
/* Now read the messages */ /* Now read the messages */
while (fgets(line, sizeof(line), fp) && count < max_messages) { while (fgets(line, sizeof(line), fp) && count < max_messages) {
/* Check for oversized lines */
size_t line_len = strlen(line);
if (line_len >= sizeof(line) - 1) {
fprintf(stderr, "Warning: Skipping oversized line in messages.log\n");
continue;
}
/* Format: RFC3339_timestamp|username|content */ /* Format: RFC3339_timestamp|username|content */
char line_copy[2048]; char line_copy[2048];
strncpy(line_copy, line, sizeof(line_copy) - 1); strncpy(line_copy, line, sizeof(line_copy) - 1);
@ -57,10 +64,19 @@ int message_load(message_t **messages, int max_messages) {
char *username = strtok(NULL, "|"); char *username = strtok(NULL, "|");
char *content = strtok(NULL, "\n"); char *content = strtok(NULL, "\n");
/* Validate all fields exist */
if (!timestamp_str || !username || !content) { if (!timestamp_str || !username || !content) {
continue; continue;
} }
/* Validate field lengths */
if (strlen(username) >= MAX_USERNAME_LEN) {
continue;
}
if (strlen(content) >= MAX_MESSAGE_LEN) {
continue;
}
/* Parse ISO 8601 timestamp */ /* Parse ISO 8601 timestamp */
struct tm tm = {0}; struct tm tm = {0};
char *result = strptime(timestamp_str, "%Y-%m-%dT%H:%M:%S", &tm); char *result = strptime(timestamp_str, "%Y-%m-%dT%H:%M:%S", &tm);
@ -68,9 +84,19 @@ int message_load(message_t **messages, int max_messages) {
continue; continue;
} }
msg_array[count].timestamp = mktime(&tm); /* Validate timestamp is reasonable (not in far future or past) */
time_t msg_time = mktime(&tm);
time_t now = time(NULL);
if (msg_time > now + 86400 || msg_time < now - 31536000 * 10) {
/* Skip messages more than 1 day in future or 10 years in past */
continue;
}
msg_array[count].timestamp = msg_time;
strncpy(msg_array[count].username, username, MAX_USERNAME_LEN - 1); strncpy(msg_array[count].username, username, MAX_USERNAME_LEN - 1);
msg_array[count].username[MAX_USERNAME_LEN - 1] = '\0';
strncpy(msg_array[count].content, content, MAX_MESSAGE_LEN - 1); strncpy(msg_array[count].content, content, MAX_MESSAGE_LEN - 1);
msg_array[count].content[MAX_MESSAGE_LEN - 1] = '\0';
count++; count++;
} }
@ -92,8 +118,30 @@ int message_save(const message_t *msg) {
gmtime_r(&msg->timestamp, &tm_info); gmtime_r(&msg->timestamp, &tm_info);
strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%SZ", &tm_info); strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%SZ", &tm_info);
/* Sanitize username and content to prevent log injection */
char safe_username[MAX_USERNAME_LEN];
char safe_content[MAX_MESSAGE_LEN];
strncpy(safe_username, msg->username, sizeof(safe_username) - 1);
safe_username[sizeof(safe_username) - 1] = '\0';
strncpy(safe_content, msg->content, sizeof(safe_content) - 1);
safe_content[sizeof(safe_content) - 1] = '\0';
/* Replace pipe characters and newlines to prevent log format corruption */
for (char *p = safe_username; *p; p++) {
if (*p == '|' || *p == '\n' || *p == '\r') {
*p = '_';
}
}
for (char *p = safe_content; *p; p++) {
if (*p == '|' || *p == '\n' || *p == '\r') {
*p = ' ';
}
}
/* Write to file: timestamp|username|content */ /* Write to file: timestamp|username|content */
fprintf(fp, "%s|%s|%s\n", timestamp, msg->username, msg->content); fprintf(fp, "%s|%s|%s\n", timestamp, safe_username, safe_content);
fclose(fp); fclose(fp);
return 0; return 0;

36
src/ssh_server.c
View file

@ -17,6 +17,33 @@
/* Global SSH bind instance */ /* Global SSH bind instance */
static ssh_bind g_sshbind = NULL; static ssh_bind g_sshbind = NULL;
/* Validate username to prevent injection attacks */
static bool is_valid_username(const char *username) {
if (!username || username[0] == '\0') {
return false;
}
/* Reject usernames starting with special characters */
if (username[0] == ' ' || username[0] == '.' || username[0] == '-') {
return false;
}
/* Check for illegal characters that could cause injection */
const char *illegal_chars = "|;&$`\n\r<>(){}[]'\"\\";
for (size_t i = 0; i < strlen(username); i++) {
/* Reject control characters (except tab) */
if (username[i] < 32 && username[i] != 9) {
return false;
}
/* Reject shell metacharacters */
if (strchr(illegal_chars, username[i])) {
return false;
}
}
return true;
}
/* Generate or load SSH host key */ /* Generate or load SSH host key */
static int setup_host_key(ssh_bind sshbind) { static int setup_host_key(ssh_bind sshbind) {
struct stat st; struct stat st;
@ -212,11 +239,20 @@ static int read_username(client_t *client) {
client->username[MAX_USERNAME_LEN - 1] = '\0'; client->username[MAX_USERNAME_LEN - 1] = '\0';
} else { } else {
strncpy(client->username, username, MAX_USERNAME_LEN - 1); strncpy(client->username, username, MAX_USERNAME_LEN - 1);
client->username[MAX_USERNAME_LEN - 1] = '\0';
/* Validate username for security */
if (!is_valid_username(client->username)) {
client_printf(client, "Invalid username. Using 'anonymous' instead.\r\n");
strcpy(client->username, "anonymous");
sleep(1); /* Slow down rapid retry attempts */
} else {
/* Truncate to 20 characters */ /* Truncate to 20 characters */
if (utf8_strlen(client->username) > 20) { if (utf8_strlen(client->username) > 20) {
utf8_truncate(client->username, 20); utf8_truncate(client->username, 20);
} }
} }
}
return 0; return 0;
} }