[jira] [Updated] (SSHD-1244) Client fails window adjust above Integer.MAX_VALUE

Ryosuke Kanda (Jira) Thu, 03 Feb 2022 17:17:18 -0800


     [ 
https://issues.apache.org/jira/browse/SSHD-1244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ryosuke Kanda updated SSHD-1244:
--------------------------------
    Description: 
If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds 
INT_MAX, it will not be recognized correctly.

I think the cause is in the following places:
org.apache.sshd.common.channel.Window.expand（int）

 

I am doing machine translation, so please allow it to be unnatural.

 

I encountered this issue when I was using ProFTPD as an SFTP server.
The version of ProFTPD is 1.3.5e.

The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window size 
by default.
I've confirmed that SSHD can handle this without any problems, so I sent a 4GB 
file to see what happens when Window Adjust is done.
As a result, a Window Adjust was done and SSHD was unable to handle this 
successfully.

 

I have attached the client implementation to this issue.
(Maybe a poor implementation ...)
The console logs, including the debug logs, were too large to attach.

The parts that are clearly set for the SSH client are as follows.
ServerKeyVerifier
HostConfigEntryResolver
KeyIdentityProvider

In the log, the part where the error occurred is as follows.
You can see that SSHD recognizes the new Window size as a negative value.
{code:java}
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
org.apache.sshd.sftp.client.impl.DefaultSftpClient$SftpChannelSubsystem - 
handleWindowAdjust(SftpChannelSubsystem[id=0, 
recipient=0]-ClientSessionImpl[kada@/192.168.12.222:18022][sftp]) 
SSH_MSG_CHANNEL_WINDOW_ADJUST window=-94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
org.apache.sshd.common.io.nio2.Nio2Session - 
handleReadCycleFailure(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, 
remote=/192.168.12.222:18022]) IllegalArgumentException after 8166700 nanos at 
read cycle=103401: Negative window size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
org.apache.sshd.common.io.nio2.Nio2Session - 
exceptionCaught(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, 
remote=/192.168.12.222:18022]) caught IllegalArgumentException[Negative window 
size: -94217] - calling handler
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
org.apache.sshd.client.session.ClientSessionImpl - 
signalAuthFailure(ClientSessionImpl[kada@/192.168.12.222:18022]) 
type=IllegalArgumentException, signalled=false, first=false: Negative window 
size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] WARN 
org.apache.sshd.client.session.ClientSessionImpl - 
exceptionCaught(ClientSessionImpl[kada@/192.168.12.222:18022])[state=Opened] 
IllegalArgumentException: Negative window size: -94217
java.lang.IllegalArgumentException: Negative window size: -94217
    at 
org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
    at 
org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
    at 
org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:162)
    at org.apache.sshd.common.channel.Window.expand(Window.java:123)
    at 
org.apache.sshd.common.channel.AbstractChannel.handleWindowAdjust(AbstractChannel.java:894)
    at 
org.apache.sshd.client.channel.AbstractClientChannel.handleWindowAdjust(AbstractClientChannel.java:448)
    at 
org.apache.sshd.common.session.helpers.AbstractConnectionService.channelWindowAdjust(AbstractConnectionService.java:614)
    at 
org.apache.sshd.common.session.helpers.AbstractConnectionService.process(AbstractConnectionService.java:477)
    at 
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
    at 
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
    at 
org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
    at 
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
    at 
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
    at 
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
    at 
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
    at 
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
    at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
    at java.security.AccessController.doPrivileged(Native Method)
    at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
    at sun.nio.ch.Invoker$2.run(Invoker.java:218)
    at 
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
    at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748) {code}

  was:
If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds 
INT_MAX, it will not be recognized correctly.

I think the cause is in the following places:
org.apache.sshd.common.channel.Window.expand（int）

 

I am doing machine translation, so please allow it to be unnatural.

 

I encountered this issue when I was using ProFTPD as an SFTP server.
The version of ProFTPD is 1.3.5e.

The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window size 
by default.
I've confirmed that SSHD can handle this without any problems, so I sent a 4GB 
file to see what happens when Window Adjust is done.
As a result, a Window Adjust was done and SSHD was unable to handle this 
successfully.

 

 


> Client fails window adjust above Integer.MAX_VALUE
> --------------------------------------------------
>
>                 Key: SSHD-1244
>                 URL: https://issues.apache.org/jira/browse/SSHD-1244
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: Ryosuke Kanda
>            Assignee: Lyor Goldstein
>            Priority: Minor
>         Attachments: Main.java
>
>
> If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds 
> INT_MAX, it will not be recognized correctly.
> I think the cause is in the following places:
> org.apache.sshd.common.channel.Window.expand（int）
>  
> I am doing machine translation, so please allow it to be unnatural.
>  
> I encountered this issue when I was using ProFTPD as an SFTP server.
> The version of ProFTPD is 1.3.5e.
> The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window 
> size by default.
> I've confirmed that SSHD can handle this without any problems, so I sent a 
> 4GB file to see what happens when Window Adjust is done.
> As a result, a Window Adjust was done and SSHD was unable to handle this 
> successfully.
>  
> I have attached the client implementation to this issue.
> (Maybe a poor implementation ...)
> The console logs, including the debug logs, were too large to attach.
> The parts that are clearly set for the SSH client are as follows.
> ServerKeyVerifier
> HostConfigEntryResolver
> KeyIdentityProvider
> In the log, the part where the error occurred is as follows.
> You can see that SSHD recognizes the new Window size as a negative value.
> {code:java}
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
> org.apache.sshd.sftp.client.impl.DefaultSftpClient$SftpChannelSubsystem - 
> handleWindowAdjust(SftpChannelSubsystem[id=0, 
> recipient=0]-ClientSessionImpl[kada@/192.168.12.222:18022][sftp]) 
> SSH_MSG_CHANNEL_WINDOW_ADJUST window=-94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
> org.apache.sshd.common.io.nio2.Nio2Session - 
> handleReadCycleFailure(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, 
> remote=/192.168.12.222:18022]) IllegalArgumentException after 8166700 nanos 
> at read cycle=103401: Negative window size: -94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
> org.apache.sshd.common.io.nio2.Nio2Session - 
> exceptionCaught(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, 
> remote=/192.168.12.222:18022]) caught IllegalArgumentException[Negative 
> window size: -94217] - calling handler
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl - 
> signalAuthFailure(ClientSessionImpl[kada@/192.168.12.222:18022]) 
> type=IllegalArgumentException, signalled=false, first=false: Negative window 
> size: -94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] WARN 
> org.apache.sshd.client.session.ClientSessionImpl - 
> exceptionCaught(ClientSessionImpl[kada@/192.168.12.222:18022])[state=Opened] 
> IllegalArgumentException: Negative window size: -94217
> java.lang.IllegalArgumentException: Negative window size: -94217
>     at 
> org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
>     at 
> org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
>     at 
> org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:162)
>     at org.apache.sshd.common.channel.Window.expand(Window.java:123)
>     at 
> org.apache.sshd.common.channel.AbstractChannel.handleWindowAdjust(AbstractChannel.java:894)
>     at 
> org.apache.sshd.client.channel.AbstractClientChannel.handleWindowAdjust(AbstractClientChannel.java:448)
>     at 
> org.apache.sshd.common.session.helpers.AbstractConnectionService.channelWindowAdjust(AbstractConnectionService.java:614)
>     at 
> org.apache.sshd.common.session.helpers.AbstractConnectionService.process(AbstractConnectionService.java:477)
>     at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
>     at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
>     at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
>     at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
>     at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
>     at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
>     at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
>     at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
>     at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>     at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
>     at sun.nio.ch.Invoker$2.run(Invoker.java:218)
>     at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>     at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at java.lang.Thread.run(Thread.java:748) {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Updated] (SSHD-1244) Client fails window adjust above Integer.MAX_VALUE

Reply via email to