ecarou opened a new issue, #329:
URL: https://github.com/apache/mina-sshd/issues/329
### Description
In DefaultSftpClient, the method received tests the maximum size of the
packet just received with this:
```java
if (length > (8 * SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) {
    throw new StreamCorruptedException("Illogical sftp packet length: " + length);
}
```
Unfortunately, this default 8 times is a bit low and cannot be modified.
When retrieving a directory listing from a server, I got the exception
"illogical sftp packet length", and after investigating, the server contains
about 6500 directories to retrieve info about.
Changing this value to a bigger one solved the issue for my cases, but I'm
wondering if we can parametrise this value and not hard-code it in the future.
### Motivation
From https://www.rfc-editor.org/rfc/rfc4253#section-6.1
All implementations MUST be able to process packets with an uncompressed
payload length of 32768 bytes or less and a total packet size of 35000 bytes or
less (including 'packet_length', 'padding_length', 'payload', 'random padding',
and 'mac'). The maximum of 35000 bytes is an arbitrarily chosen value that is
larger than the uncompressed length noted above. Implementations SHOULD support
longer packets, where they might be needed. For example, if an implementation
wants to send a very large number of certificates, the larger packets MAY be
sent if the identification string indicates that the other party is able to
process them. However, implementations SHOULD check that the packet length is
reasonable in order for the implementation to avoid denial of service and/or
buffer overflow attacks.
### Alternatives considered
_No response_
### Additional context
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
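An added example, not mina-sshd's code: a length check of the kind the issue asks for, where the limit is configurable but still bounded, so the "reasonable length" check from RFC 4253 section 6.1 cannot be switched off. The class name, the `maxPacketLength` setting and the 16 MiB ceiling are assumptions made for illustration; the sample packet is constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.StreamCorruptedException;
import java.nio.ByteBuffer;

public class SftpLengthCheck {
    // Payload size every implementation must accept per RFC 4253 section 6.1.
    static final int REQUIRED_PAYLOAD = 32768;
    // Hard ceiling so a misconfiguration cannot disable the check (assumed value).
    static final int ABSOLUTE_MAX = 16 * 1024 * 1024;

    private final int maxPacketLength; // hypothetical setting, not a mina-sshd property

    SftpLengthCheck(int maxPacketLength) {
        if (maxPacketLength < REQUIRED_PAYLOAD || maxPacketLength > ABSOLUTE_MAX) {
            throw new IllegalArgumentException("limit out of range: " + maxPacketLength);
        }
        this.maxPacketLength = maxPacketLength;
    }

    // Reads one length-prefixed packet; rejects the length before allocating anything.
    byte[] readPacket(DataInputStream in) throws IOException {
        int length = in.readInt(); // uint32 prefix, big-endian; values above 2^31-1 read as negative
        if (length < 1 || length > maxPacketLength) {
            throw new StreamCorruptedException("Illogical sftp packet length: "
                    + Integer.toUnsignedLong(length) + " (limit " + maxPacketLength + ")");
        }
        byte[] body = new byte[length];
        in.readFully(body);
        return body;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a 300000-byte packet, larger than 8 * 32768 = 262144.
        byte[] wire = ByteBuffer.allocate(4 + 300_000).putInt(300_000).array();
        for (int limit : new int[] {8 * REQUIRED_PAYLOAD, 64 * REQUIRED_PAYLOAD}) {
            try {
                int n = new SftpLengthCheck(limit)
                        .readPacket(new DataInputStream(new ByteArrayInputStream(wire))).length;
                System.out.println("limit " + limit + ": accepted " + n + " bytes");
            } catch (StreamCorruptedException e) {
                System.out.println("limit " + limit + ": " + e.getMessage());
            }
        }
    }
}
```

The check runs before `new byte[length]`, so a peer that sends an oversized or negative-looking length prefix cannot force a large allocation regardless of the configured limit.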