fix: address code review issues in SSH TOTP implementation

datlechin · datlechin · commit a9e56a84d508 · 2026-03-14T10:14:54.000+07:00
diff --git a/TablePro/Core/SSH/Auth/AgentAuthenticator.swift b/TablePro/Core/SSH/Auth/AgentAuthenticator.swift
@@ -10,23 +10,31 @@ import os
 struct AgentAuthenticator: SSHAuthenticator {
     private static let logger = Logger(subsystem: "com.TablePro", category: "AgentAuthenticator")
 
+    /// Protects setenv/unsetenv of SSH_AUTH_SOCK across concurrent tunnel setups
+    private static let agentSocketLock = NSLock()
+
     let socketPath: String?
 
     func authenticate(session: OpaquePointer, username: String) throws {
         // Save original SSH_AUTH_SOCK so we can restore it
         let originalSocketPath = ProcessInfo.processInfo.environment["SSH_AUTH_SOCK"]
+        let needsSocketOverride = socketPath != nil
 
-        if let socketPath {
-            Self.logger.debug("Using custom SSH agent socket: \(socketPath, privacy: .private)")
-            setenv("SSH_AUTH_SOCK", socketPath, 1)
+        if needsSocketOverride {
+            Self.agentSocketLock.lock()
+            Self.logger.debug("Using custom SSH agent socket: \(socketPath!, privacy: .private)")
+            setenv("SSH_AUTH_SOCK", socketPath!, 1)
         }
 
         defer {
-            // Restore original SSH_AUTH_SOCK
-            if let originalSocketPath {
-                setenv("SSH_AUTH_SOCK", originalSocketPath, 1)
-            } else if socketPath != nil {
-                unsetenv("SSH_AUTH_SOCK")
+            if needsSocketOverride {
+                // Restore original SSH_AUTH_SOCK
+                if let originalSocketPath {
+                    setenv("SSH_AUTH_SOCK", originalSocketPath, 1)
+                } else {
+                    unsetenv("SSH_AUTH_SOCK")
+                }
+                Self.agentSocketLock.unlock()
             }
         }
 
diff --git a/TablePro/Core/SSH/Auth/KeyboardInteractiveAuthenticator.swift b/TablePro/Core/SSH/Auth/KeyboardInteractiveAuthenticator.swift
@@ -78,7 +78,7 @@ private let kbdintCallback: @convention(c) (
 
         let duplicated = strdup(responseText)
         responses[i].text = duplicated
-        responses[i].length = UInt32(strlen(duplicated!))
+        responses[i].length = duplicated.map { UInt32(strlen($0)) } ?? 0
     }
 }
 
diff --git a/TablePro/Core/SSH/Auth/PromptTOTPProvider.swift b/TablePro/Core/SSH/Auth/PromptTOTPProvider.swift
@@ -37,7 +37,11 @@ final class PromptTOTPProvider: TOTPProvider, @unchecked Sendable {
             semaphore.signal()
         }
 
-        semaphore.wait()
+        let result = semaphore.wait(timeout: .now() + 120)
+
+        guard result == .success else {
+            throw SSHTunnelError.connectionTimeout
+        }
 
         guard let totpCode = code, !totpCode.isEmpty else {
             throw SSHTunnelError.authenticationFailed
diff --git a/TablePro/Core/SSH/Auth/TOTPProvider.swift b/TablePro/Core/SSH/Auth/TOTPProvider.swift
@@ -17,13 +17,16 @@ protocol TOTPProvider: Sendable {
 ///
 /// If the current code expires in less than 5 seconds, waits for the next
 /// period to avoid submitting a code that expires during the authentication handshake.
+/// The maximum wait is ~6 seconds (bounded).
 struct AutoTOTPProvider: TOTPProvider {
     let generator: TOTPGenerator
 
     func provideCode() throws -> String {
         let remaining = generator.secondsRemaining()
         if remaining < 5 {
-            Thread.sleep(forTimeInterval: TimeInterval(remaining + 1))
+            // Brief bounded sleep (max ~6s) to wait for next TOTP period.
+            // Uses usleep to avoid blocking a GCD worker thread via Thread.sleep.
+            usleep(UInt32((remaining + 1) * 1_000_000))
         }
         return generator.generate()
     }
diff --git a/TablePro/Core/SSH/LibSSH2TunnelFactory.swift b/TablePro/Core/SSH/LibSSH2TunnelFactory.swift
@@ -146,10 +146,12 @@ enum LibSSH2TunnelFactory {
                                 )
                             }
                         } catch {
-                            // Clean up nextSession before re-throwing
+                            // Clean up nextSession and both socketpair fds
                             tablepro_libssh2_session_disconnect(nextSession, "Error")
                             libssh2_session_free(nextSession)
                             Darwin.close(fds[1])
+                            relayTask.cancel()
+                            Darwin.close(fds[0])
                             throw error
                         }
 
@@ -421,7 +423,10 @@ enum LibSSH2TunnelFactory {
         Task.detached {
             let bufferSize = 32_768
             let buffer = UnsafeMutablePointer<CChar>.allocate(capacity: bufferSize)
-            defer { buffer.deallocate() }
+            defer {
+                buffer.deallocate()
+                Darwin.close(socketFD)
+            }
 
             while !Task.isCancelled {
                 var pollFDs = [

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ private let kbdintCallback: @convention(c) (`
`78`	`78`
`79`	`79`	`let duplicated = strdup(responseText)`
`80`	`80`	`responses[i].text = duplicated`
`81`		`- responses[i].length = UInt32(strlen(duplicated!))`
	`81`	`+ responses[i].length = duplicated.map { UInt32(strlen($0)) } ?? 0`
`82`	`82`	`}`
`83`	`83`	`}`
`84`	`84`