Repository: mina-sshd Updated Branches: refs/heads/master cc00723f7 -> afdf047ff
[SSHD-728] sshd-core sftp not working with FileZilla sftp client Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/afdf047f Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/afdf047f Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/afdf047f Branch: refs/heads/master Commit: afdf047ffbaf1953ae79597a5113845e31a67942 Parents: cc00723 Author: Lyor Goldstein <[email protected]> Authored: Fri Feb 24 19:20:50 2017 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Fri Feb 24 19:24:12 2017 +0200 ---------------------------------------------------------------------- .../server/subsystem/sftp/SftpSubsystem.java | 25 +++++++++++++------- .../sshd/client/subsystem/sftp/SftpTest.java | 4 ++-- 2 files changed, 19 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/afdf047f/sshd-core/src/main/java/org/apache/sshd/server/subsystem/sftp/SftpSubsystem.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/subsystem/sftp/SftpSubsystem.java b/sshd-core/src/main/java/org/apache/sshd/server/subsystem/sftp/SftpSubsystem.java index 120f0c0..dab5960 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/subsystem/sftp/SftpSubsystem.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/subsystem/sftp/SftpSubsystem.java @@ -168,13 +168,22 @@ public class SftpSubsystem .collect(Collectors.joining(",")); /** - * Force the use of a max. packet length - especially for {@link #doReadDir(Buffer, int)} - * and {@link #doRead(Buffer, int)} methods + * Force the use of a max. packet length for {@link #doRead(Buffer, int)} protection + * against malicious packets * - * @see #DEFAULT_MAX_PACKET_LENGTH + * @see #DEFAULT_MAX_READDATA_PACKET_LENGTH */ - public static final String MAX_PACKET_LENGTH_PROP = "sftp-max-packet-length"; - public static final int DEFAULT_MAX_PACKET_LENGTH = 1024 * 16; + public static final String MAX_READDATA_PACKET_LENGTH_PROP = "sftp-max-readdata-packet-length"; + public static final int DEFAULT_MAX_READDATA_PACKET_LENGTH = 63 * 1024; + + /** + * Maximum amount of data allocated for listing the contents of a directory + * in any single invocation of {@link #doReadDir(Buffer, int)} + * + * @see #DEFAULT_MAX_READDIR_DATA_SIZE + */ + public static final String MAX_READDIR_DATA_SIZE_PROP = "sftp-max-readdir-data-size"; + public static final int DEFAULT_MAX_READDIR_DATA_SIZE = 16 * 1024; /** * Allows controlling reports of which client extensions are supported @@ -1831,7 +1840,8 @@ public class SftpSubsystem reply.putInt(0); ServerSession session = getServerSession(); - int count = doReadDir(id, handle, dh, reply, PropertyResolverUtils.getIntProperty(session, MAX_PACKET_LENGTH_PROP, DEFAULT_MAX_PACKET_LENGTH)); + int maxDataSize = PropertyResolverUtils.getIntProperty(session, MAX_READDIR_DATA_SIZE_PROP, DEFAULT_MAX_READDIR_DATA_SIZE); + int count = doReadDir(id, handle, dh, reply, maxDataSize); BufferUtils.updateLengthPlaceholder(reply, lenPos, count); if ((!dh.isSendDot()) && (!dh.isSendDotDot()) && (!dh.hasNext())) { dh.markDone(); @@ -2049,9 +2059,8 @@ public class SftpSubsystem String handle = buffer.getString(); long offset = buffer.getLong(); int requestedLength = buffer.getInt(); - int maxAllowed = PropertyResolverUtils.getIntProperty(getServerSession(), MAX_PACKET_LENGTH_PROP, DEFAULT_MAX_PACKET_LENGTH); + int maxAllowed = PropertyResolverUtils.getIntProperty(getServerSession(), MAX_READDATA_PACKET_LENGTH_PROP, DEFAULT_MAX_READDATA_PACKET_LENGTH); int readLen = Math.min(requestedLength, maxAllowed); - if (log.isTraceEnabled()) { log.trace("doRead({})[id={}]({})[offset={}] - req={}, max={}, effective={}", getServerSession(), id, handle, offset, requestedLength, maxAllowed, readLen); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/afdf047f/sshd-core/src/test/java/org/apache/sshd/client/subsystem/sftp/SftpTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/client/subsystem/sftp/SftpTest.java b/sshd-core/src/test/java/org/apache/sshd/client/subsystem/sftp/SftpTest.java index c0dcc7b..f833b82 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/subsystem/sftp/SftpTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/subsystem/sftp/SftpTest.java @@ -209,7 +209,7 @@ public class SftpTest extends AbstractSftpClientTestSupport { byte[] actual = new byte[expected.length]; int maxAllowed = actual.length / 4; // allow less than actual - PropertyResolverUtils.updateProperty(sshd, SftpSubsystem.MAX_PACKET_LENGTH_PROP, maxAllowed); + PropertyResolverUtils.updateProperty(sshd, SftpSubsystem.MAX_READDATA_PACKET_LENGTH_PROP, maxAllowed); try (CloseableHandle handle = sftp.open(file, OpenMode.Read)) { int readLen = sftp.read(handle, 0L, actual); assertEquals("Mismatched read len", maxAllowed, readLen); @@ -224,7 +224,7 @@ public class SftpTest extends AbstractSftpClientTestSupport { } } } finally { - PropertyResolverUtils.updateProperty(sshd, SftpSubsystem.MAX_PACKET_LENGTH_PROP, SftpSubsystem.DEFAULT_MAX_PACKET_LENGTH); + PropertyResolverUtils.updateProperty(sshd, SftpSubsystem.MAX_READDATA_PACKET_LENGTH_PROP, SftpSubsystem.DEFAULT_MAX_READDATA_PACKET_LENGTH); } } }
