torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: address high-severity security issues from review

Browse Source 
- Use subtle.ConstantTimeCompare for static credential checks to
  prevent timing side-channel attacks
- Cap failCounts (100k) and rememberedCreds (10k) maps with eviction
  to prevent memory exhaustion from botnet-scale scanning
- Sweep expired credentials on each auth attempt
- Add configurable max_connections (default 500) with semaphore to
  limit concurrent connections and prevent goroutine/fd exhaustion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-14 16:41:23 +01:00
parent 51fdea0c2f
commit a40110f2f5
6 changed files with 90 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
oubliette.toml.example
View File

@@ -3,6 +3,7 @@ log_level = "info"
[ssh]
listen_addr = ":2222"
host_key_path = "oubliette_host_key"
max_connections = 500
[auth]
accept_after = 10