    Critical security fix: Prevent wssshd server crashes from malformed packets · 37eeaf1e
    Stefy Lanza (nextime / spora ) authored
    - Added comprehensive bounds checking to all WebSocket message parsing
    - Validate JSON structure (braces) before processing to prevent crashes
    - Added length limits and bounds validation for all parameter extractions:
      * client_id: max 64 chars
      * password: max 256 chars
      * request_id: max 64 chars
      * enc/service/version: max 32 chars each
    - Prevent buffer overflows that could corrupt heap metadata
    - Ensure all string operations stay within allocated buffer bounds
    - Server now logs errors and continues running instead of crashing on malformed packets
    - Critical defense against DoS attacks via malformed WebSocket messages
Name
templates
wsssd
wsssh-server/debian
wssshd2
wssshtools
.gitignore
BRIDGE_MODE_TESTING.md
CHANGELOG.md
DOCUMENTATION.md
LICENSE.md
README.md
TODO.md
build.sh
clean.sh
image.jpg
prompt.txt
requirements.txt
service.conf.example
test_bridge_mode.sh
wssshc.conf.example
wssshc.init
wssshc_watcher.sh
wssshd.conf.example
wssshd.init
wssshd.py
wsssht.conf.example
wsssht.init