4a34a776c2
Merge branch 'fix/resource-management' into feat/security-audit-fixes
2026-01-22 14:07:10 +08:00
c1d0723392
Merge branch 'fix/input-validation' into feat/security-audit-fixes
2026-01-22 14:07:06 +08:00
c8e3743e9f
Merge branch 'fix/ssh-hardening' into feat/security-audit-fixes
2026-01-22 14:07:00 +08:00
f65e8add64
fix(security): enhance resource management
...
- Convert message_load() file position array from fixed 1000 to dynamic:
* Start with capacity of 1000, grow by 2x when needed
* Use malloc/realloc for flexible memory management
* Proper cleanup with free() after use
* Graceful handling of memory allocation failures
- Enhance setup_host_key() error handling:
* Validate key file size (reject 0 bytes and >10MB)
* Automatically regenerate if key file is empty
* Verify and fix insecure permissions (must be 0600)
* Better error messages with file size reporting
- Improve client thread resource cleanup:
* Use pthread_attr for explicit detached thread creation
* Add pthread_mutex_destroy on thread creation failure
* Proper cleanup order: mutex -> channel -> session -> memory
* Add error logging with strerror() for thread failures
These changes address:
- Fixed 1000-line limit causing message truncation
- Corrupted/empty key file handling
- Permission race conditions
- Resource leaks on thread creation failure
Prevents:
- DoS via large log files
- Service startup failures from bad key files
- Memory/handle leaks under error conditions
2026-01-22 14:02:05 +08:00
4f3a07c5e2
fix(security): implement comprehensive input validation
...
- Add is_valid_username() function to prevent injection attacks
* Reject shell metacharacters: |;&$`<>(){}[]'"\
* Reject control characters (except tab)
* Reject usernames starting with space, dot, or dash
- Apply username validation in read_username() with fallback to "anonymous"
- Add rate limiting via sleep(1) on validation failure
- Sanitize message content in message_save():
* Replace pipe, newline, carriage return to prevent log injection
* Ensure null termination of sanitized strings
- Enhance message_load() validation:
* Check for oversized lines
* Validate field lengths before copying
* Validate timestamp reasonableness (not >1 day future, <10 years past)
* Ensure null termination of all loaded strings
These changes address:
- Username injection vulnerabilities
- Message content injection in log files
- Log file format corruption attacks
- Malformed timestamp handling
Prevents:
- Command injection via usernames
- Log poisoning attacks
- DoS via oversized messages
2026-01-22 13:59:58 +08:00
325e524cee
fix(security): implement SSH hardening improvements
...
- Upgrade RSA key size from 2048 to 4096 bits for stronger encryption
- Fix key file permission time window with atomic generation:
* Use umask(0077) before file creation
* Generate key to temporary file first
* Atomically rename to final location
- Add configurable bind address via TNT_BIND_ADDR environment variable
- Add configurable SSH log level via TNT_SSH_LOG_LEVEL (0-4)
These changes address:
- Weak 2048-bit RSA keys
- Permission race condition during key generation
- Hardcoded bind address limiting deployment flexibility
- Inflexible logging configuration
Environment variables:
- TNT_BIND_ADDR: Bind address (default: 0.0.0.0)
- TNT_SSH_LOG_LEVEL: SSH logging verbosity 0-4 (default: 1)
2026-01-22 13:57:32 +08:00
36464007e8
fix(security): implement buffer security enhancements
...
- Replace all strcpy() calls with strncpy() to prevent buffer overflows
- Add buffer overflow checking in client_printf() vsnprintf result
- Implement UTF-8 sequence validation to prevent malformed input
- Add utf8_is_valid_sequence() function with complete validation
- Enhance read_username() with UTF-8 boundary checks
- Add UTF-8 validation for message input handling
These changes address:
- Buffer overflow vulnerabilities (lines 178, 423, 510)
- Insufficient vsnprintf() error checking (line 106)
- Missing UTF-8 sequence validation (lines 156-171)
Fixes prevent:
- Buffer overflow attacks
- Overlong UTF-8 encoding exploits
- Invalid UTF-8 surrogates injection
2026-01-22 13:54:15 +08:00
abe477f713
Rewrite README in classic Unix style
...
- README: BSD man page format (NAME/SYNOPSIS/OPTIONS/etc)
- README.md: Minimal markdown (82 lines vs 200+)
Philosophy: Dense information, no fluff, reference style.
Inspired by original Unix manuals and BSD docs.
Changes:
- Removed emojis and badges
- Condensed verbose sections
- Clear command examples
- Direct references to detailed docs
2025-12-02 12:57:18 +08:00
27854e8e1d
Merge pull request #7 from m1ngsama/feat/cicd-deployment
...
[CI/CD] Automated testing and releases
2025-12-02 12:49:57 +08:00
8e24ae5633
Add CI/CD and deployment automation
...
GitHub Actions workflows:
- ci.yml: Auto-test on push/PR
* Build on Ubuntu and macOS
* Run AddressSanitizer
* Memory leak checks with Valgrind
- release.yml: Auto-release on tags
* Build for Linux (amd64, arm64)
* Build for macOS (amd64, arm64)
* Generate checksums
* Create GitHub release with binaries
Deployment tools:
- install.sh: One-line installer
* Auto-detect OS and arch
* Download from releases
* Install to /usr/local/bin
- tnt.service: systemd unit file
* Auto-restart on failure
* Security hardening
* Runs as dedicated user
- DEPLOYMENT.md: Complete deployment guide
* Quick install
* systemd setup
* Firewall config
* Docker alternative
Usage:
curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh
Create release:
git tag v1.0.0
git push origin v1.0.0
2025-12-02 12:47:15 +08:00
8cc297b99b
Merge pull request #6 from m1ngsama/docs/developer-guide
...
[Docs] Developer documentation and guides
2025-12-02 12:39:55 +08:00
5c11fb1b04
Add developer documentation
...
New files:
- HACKING - Architecture, debugging, common pitfalls
- QUICKREF - One-page reference card
- Updated CHANGELOG.md with recent fixes
- Updated README.md with development section
HACKING covers:
- Build system
- Test procedures
- Memory debugging (asan, valgrind)
- Thread safety rules
- Architecture overview
- Known limits
- Common bugs to avoid
- Feature addition guide
QUICKREF provides:
- Quick build commands
- Test commands
- Debug procedures
- File structure
- System limits
Follows minimalist Unix documentation philosophy.
No fluff, just facts.
2025-12-02 15:00:00 +08:00
cbdc91b04d
Merge pull request #5 from m1ngsama/feat/dev-tools
...
[Feature] Development and testing infrastructure
2025-12-02 12:39:44 +08:00
bf1fb99d11
Merge pull request #4 from m1ngsama/optimize/message-loading
...
[Optimize] Message history loading efficiency
2025-12-02 12:39:34 +08:00
4ae6a0c5e9
Merge pull request #3 from m1ngsama/fix/ssh-improvements
...
[Fix] SSH read timeout and error handling
2025-12-02 12:39:21 +08:00
cf95bcecaf
Merge pull request #2 from m1ngsama/fix/memory-race-conditions
...
[Fix] Critical memory and race condition bugs
2025-12-02 12:39:12 +08:00
a1924cabc5
Merge pull request #1 from m1ngsama/fix/vim-double-colon
...
[Fix] Vim command mode double colon bug
2025-12-02 12:39:02 +08:00
90ddd7fade
Add development and testing infrastructure
...
Added build targets:
- make asan - AddressSanitizer for memory bugs
- make debug - Debug symbols
- make valgrind - Valgrind helper
- make check - Static analysis (cppcheck, clang-tidy)
Added test scripts:
- test_basic.sh - Basic functionality tests
* Server startup
* SSH connection
* Message logging
- test_stress.sh - Load testing
* Configurable client count
* Configurable duration
* Automatic cleanup
Updated .gitignore:
- test.log
- *.dSYM/
Philosophy: Simple, minimal, Unix-style tools.
No dependencies on complex test frameworks.
2025-12-02 10:00:00 +08:00
1913a00f27
Optimize message history loading
...
Previous implementation:
- Allocated MAX_MESSAGES * 10 (1000 messages) temporarily
- Wasted ~100KB per server startup
- Could fail if log file grows very large
New implementation:
- Track file positions of last 1000 lines
- Seek to appropriate position before reading
- Only allocate MAX_MESSAGES (100 messages)
- Memory usage reduced by 90%
Benefits:
- Faster startup with large log files
- Lower memory footprint
- No risk of allocation failure
- Same functionality maintained
Uses fseek/ftell for efficient log file handling.
2025-12-01 16:30:00 +08:00
c0cb22a85f
Add SSH read timeout and PTY handling improvements
...
Fixes thread accumulation and blocking issues:
1. SSH read timeouts
- Use ssh_channel_read_timeout() with 30s timeout
- Handle SSH_AGAIN, SSH_ERROR return codes properly
- 60s timeout for username input
- Prevents threads blocking forever on dead connections
2. Improved PTY request handling
- Exit loop after PTY + SHELL received
- Don't loop on WINDOW_CHANGE during init
- Clear termination conditions
3. Better UTF-8 validation
- Check multi-byte read completeness
- Skip incomplete sequences gracefully
Prevents "zombie threads" and eliminates need to restart
after extended operation.
2025-12-01 14:00:00 +08:00
298995aa53
Fix critical memory and concurrency bugs
...
Fixes three critical bugs that caused crashes after long-running:
1. Use-after-free race condition in room_broadcast()
- Added reference counting to client_t structure
- Increment ref_count before using client outside lock
- Decrement and free only when ref_count reaches 0
- Prevents accessing freed client memory during broadcast
2. strtok() data corruption in tui_render_command_output()
- strtok() modifies original string by replacing delimiters
- Now use a local copy before calling strtok()
- Prevents corruption of client->command_output
3. Improved handle_key() consistency
- Return bool to indicate if key was consumed
- Fixes issue where mode-switch keys were processed twice
Thread safety changes:
- Added client->ref_count and client->ref_lock
- Added client_release() for safe cleanup
- room_broadcast() now properly increments/decrements refs
This fixes the primary cause of crashes during extended operation.
2025-11-30 09:00:00 +08:00
03c89beeb4
Fix vim command mode double colon bug
...
When pressing ':' in NORMAL mode, the key was being processed twice:
1. handle_key() detected it and switched to COMMAND mode
2. The same ':' character was then added to command_input
This resulted in '::' appearing instead of ':'.
Solution:
- Changed handle_key() to return bool indicating if key was consumed
- Only add character to input if handle_key() returns false
- All mode-switching keys now return true to prevent reprocessing
Fixes the most annoying UX bug reported by users.
2025-11-29 10:00:00 +08:00
6c9d243f9a
remove unrelate files
2025-11-24 17:55:20 +08:00
161fc904f3
Fix passwordless login and display alignment issues
...
- Allow SSH_AUTH_METHOD_NONE for passwordless authentication
- Replace all \n with \r\n in TUI rendering for proper line breaks
- Fixes messages appearing misaligned on terminal
2025-11-24 17:01:08 +08:00
a4d67be103
Replace telnet with SSH and fix full-screen display
...
- Implement SSH server using libssh for secure connections
- Replace insecure telnet with encrypted SSH protocol
- Add automatic terminal size detection via PTY requests
- Support dynamic window resize (SIGWINCH handling)
- Fix UI display bug by using SSH channel instead of fd
- Update tui_clear_screen to work with SSH connections
- Add RSA host key auto-generation on first run
- Update README with SSH instructions and security notes
- Add libssh dependency to Makefile with auto-detection
- Remove all telnet-related code
Security improvements:
- All traffic now encrypted
- Host key authentication
- No more plaintext transmission
2025-11-24 16:48:14 +08:00
82cfb5795b
Minor fixes
2025-11-24 16:07:00 +08:00
7026895dad
Fix bugs and improve stability
2025-11-20 09:44:00 +08:00
cb25055921
Refactor code structure
2025-11-19 11:16:00 +08:00
f67c4e8ed6
Add minor improvements
2025-11-18 14:09:00 +08:00
5db04825d9
Update documentation
2025-11-17 09:37:00 +08:00
16986cd6fc
Fix bugs and improve stability
2025-11-14 15:00:00 +08:00
bd0b596e49
Update documentation
2025-11-12 09:44:00 +08:00
149a3dcda1
Improve error handling
2025-11-07 12:56:00 +08:00
9223527d89
Optimize performance
2025-11-04 14:42:00 +08:00
2119704f7e
Fix bugs and improve stability
2025-10-30 12:08:00 +08:00
c6f80e4f4c
Fix edge cases
2025-10-29 14:58:00 +08:00
74422038e5
Add minor improvements
2025-10-28 15:25:00 +08:00
6895b4c4bb
Code cleanup
2025-10-26 15:00:00 +08:00
a691bc7e94
Add minor improvements
2025-10-22 15:35:00 +08:00
b9786e735a
Optimize performance
2025-10-17 10:23:00 +08:00
3c4ecdc4b9
Fix bugs and improve stability
2025-10-16 16:04:00 +08:00
0825a3754b
Fix bugs and improve stability
2025-10-13 16:20:00 +08:00
4fc34f8282
Fix bugs and improve stability
2025-10-06 13:12:00 +08:00
3bcb3b2a51
Update documentation
2025-09-25 17:21:00 +08:00
820b3b3f55
Fix bugs and improve stability
2025-09-19 23:35:00 +08:00
15acbe342c
Code cleanup
2025-09-15 10:43:00 +08:00
c1dece4706
Update documentation
2025-09-09 17:45:00 +08:00
55f4fb48cf
Improve error handling
2025-09-05 12:59:00 +08:00
84f524afa0
Minor fixes
2025-08-28 13:33:00 +08:00
b8bc82289d
Code cleanup
2025-08-04 11:53:00 +08:00
