Hello Atsuhiko,

thanks for your response, but I'm slightly confused: For me it looks like Sftp
version 2 already specified a String message slot for the SSH_FXP_STATUS
packet:
    http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-7

and the "General packet format" for sftp v3 clearly says that the data payload
cannot go beyond the length of a packet:
    http://tools.ietf.org/html/draft-ietf-secsh-filexfer-03#section-3

So if this is really a bug in our SSH server (which it could be), I'd need
to report the corresponding protocol specification to our server team.
If they are indeed REQUIRED to send a String, can you point me to
the corresponding text in the protocol specs?

Thanks!
Martin

Atsuhiko Yamanaka wrote:
> Hi,
>
>    +-From: "Oberhuber, Martin" <[EMAIL PROTECTED]> --
>    |_Date: Tue, 6 Nov 2007 17:44:45 +0100 ________________________
>    |
>    |I have an SSH Server with Sftp version 3, but it does not send
>    |plaintext error messages. Instead, when an SSH_FXP_STATUS
>    |package is received, the "Header" packet indicates only 4
>    |bytes length for the actual status packet; these 4 bytes
>    |hold the (int) error number but no plaintext error message.
>
> Those messages are added since Sftp version 3 according to the specification.
> So, if your server says it implements sftp version 3,
> messages should be sent. I think that it has come from its implementation bug.
>
>    |Attached is a "poor man's" version of a patch to fix the
>    |issue. I think that the patch could be improved by
>    | (1) calling a common checkStatus() method rather than
>    |     having the same if... code again and again
>    | (2) in getString(), have a safeguard to ensure that
>    |     the String being allocated cannot be larger than
>    |     the maximum packet size / buffer size.
>
> Frankly to say, I'm not so interested in changing the code for 
> such an incomplete server. Can you believe that it does not have 
> any other problems?  Why you can transfer your secrets to/from 
> such a buggy server?
>
> Anyway, we should survive for such OutOfMemory DOS attack.
> # FYI, it seems OpenSSH's sftp command has not checked messages,
> The next version will check the available byte length before
> getting messages even if the server says it implements 
> sftp version 3 or later.
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
>     +1-415-578-3454
> Fax +81-22-224-8773
> Skype callto://jcraft/
>   


-- 
Martin Oberhuber
Wind River Systems, Inc.
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm


_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
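
The safeguard discussed in this thread (accept an SSH_FXP_STATUS body that carries only the 4-byte code, and check the available byte length before allocating a string), as an added example. It is not JSch's code or the attached patch; the class and method names are hypothetical, and it assumes the body passed in starts right after the packet header and request id.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration; class and method names are hypothetical, not JSch's API.
public class StatusBodyDemo {
    static final class Status {
        final int code;
        final String message; // null when the server sent only the code
        Status(int code, String message) { this.code = code; this.message = message; }
    }

    // Reads an SSH string (uint32 length + bytes) without trusting the length.
    static String readBoundedString(ByteBuffer buf) {
        if (buf.remaining() < 4) return null;            // no length field present
        long len = buf.getInt() & 0xffffffffL;           // treat as unsigned
        if (len > buf.remaining())                       // check before allocating
            throw new IllegalArgumentException(
                "string length " + len + " exceeds " + buf.remaining() + " bytes left");
        byte[] raw = new byte[(int) len];
        buf.get(raw);
        return new String(raw, StandardCharsets.UTF_8);
    }

    // body = SSH_FXP_STATUS bytes after the packet header and request id (assumption)
    static Status parseStatus(byte[] body) {
        ByteBuffer buf = ByteBuffer.wrap(body);          // big-endian by default
        if (buf.remaining() < 4)
            throw new IllegalArgumentException("status body shorter than 4 bytes");
        int code = buf.getInt();
        return new Status(code, readBoundedString(buf));
    }

    public static void main(String[] args) {
        // Constructed sample 1: code only (4 bytes), as the server in the thread sends.
        Status a = parseStatus(new byte[] {0, 0, 0, 2});
        System.out.println(a.code + " " + a.message);
        // Constructed sample 2: code + message + language tag.
        byte[] text = "No such file".getBytes(StandardCharsets.UTF_8);
        ByteBuffer full = ByteBuffer.allocate(4 + 4 + text.length + 4 + 2);
        full.putInt(2).putInt(text.length).put(text).putInt(2).put(new byte[] {'e', 'n'});
        Status b = parseStatus(full.array());
        System.out.println(b.code + " " + b.message);
        // Constructed sample 3: length field claims ~2 GB but no data follows.
        try {
            parseStatus(new byte[] {0, 0, 0, 4, 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```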