As a followup to the bug I reported yesterday, I have found some more issues in the packet handling with the latest code in CVS. For one, in the transportpacket structure, the total_num field is an integer, so if the packet is corrupted (this is happening with large SFTP reads – I'm still trying to determine why), this value can be negative.
As a result, on transport.c:374, the comparison will not correctly detect the bad packet and libssh2 tries to allocate the memory of total_num, which as a negative number results in a large allocation that may crash. It would be best to make total_num unsigned, but if this isn't possible for some reason, then it should be explicitly cast as unsigned or checked for a negative value whenever it is used.

Regards,
Lucas

On Feb 11, 2007, at 11:25 PM, Lucas Newman wrote:

> Hello,
>
> There appears to be a problem doing SFTP reads with the latest code in
> CVS. I used the samples "example/simple/sftp_nonblock.c" and
> "example/simple/sftp.c" for these results. Trying to read buffers larger
> than a kilobyte (1393 bytes seems to be the cutoff - memory smasher?)
> causes MAC validation to fail. I double checked to make sure my buffers
> were big enough, so this seems to be a bug in libssh2. Here's the
> relevant log:
>
> ...
> libssh2_sftp_open() is done, now receive data!
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] SFTP Subsystem: Reading 8192 bytes from SFTP handle
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 1
> [libssh2] Connection: Writing 29 bytes on channel 0/0, stream #0
> [libssh2] Connection: Sending 29 bytes on channel 0/0, stream_id=0
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] SFTP Subsystem: Waiting for packet: willnot block
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] Connection: Attempting to read 4 bytes from channel 0/0 stream #0
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] Failure Event: -30 - Timeout waiting for FXP packet
> [libssh2] SFTP Subsystem: Asking for 103 packet
> [libssh2] SFTP Subsystem: Asking for 101 packet
> [libssh2] SFTP Subsystem: Waiting for packet: will block
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 1
> [libssh2] Connection: Attempting to read 4 bytes from channel 0/0 stream #0
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 0
> [libssh2] Connection: Setting blocking mode on channel 0/0 to 1
> [libssh2] Transport: Packet type 94 received, length=8214
> [libssh2] Failure Event: -4 - Invalid Message Authentication Code received
>
> The subsystem then discards the packet and I get an error thrown
> back. It is impossible to get a decent transfer speed using 512 -
> 1000 byte reads like the example. It looks like every read incurs a
> command write and status read on the wire before the user's read, so
> there is a ton of overhead from doing small reads.
>
> Any ideas?
>
> _______________________________________________
> libssh2-devel mailing list
> libssh2-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/libssh2-devel
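
The signed-length problem reported in the message above, as an added example that is not part of the original message and is not libssh2's code. It assumes the failing comparison is an upper-bound-only check; `MAX_PACKET_LEN`, the function names and the sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limit for this example; not libssh2's actual value. */
#define MAX_PACKET_LEN 40000

/* Constructed sample headers: a sane length (8214) and a corrupted one. */
static const unsigned char valid_hdr[4] = {0x00, 0x00, 0x20, 0x16};
static const unsigned char corrupted_hdr[4] = {0xff, 0xff, 0xff, 0xf0};

/* Decode a 4-byte big-endian length field as it arrives on the wire. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Signed field, upper bound only: a negative length passes the check.
 * Returns the size an allocator would be asked for, or 0 if rejected. */
static size_t alloc_size_signed(const unsigned char *hdr)
{
    int total_num = (int)read_be32(hdr); /* high bit set -> negative */
    if (total_num > MAX_PACKET_LEN)
        return 0;
    return (size_t)total_num;            /* negative becomes a huge size_t */
}

/* Unsigned field with both bounds checked before any allocation. */
static size_t alloc_size_unsigned(const unsigned char *hdr)
{
    uint32_t total_num = read_be32(hdr);
    if (total_num < 1 || total_num > (uint32_t)MAX_PACKET_LEN)
        return 0;
    return (size_t)total_num;
}

int main(void)
{
    printf("valid:     signed=%zu unsigned=%zu\n",
           alloc_size_signed(valid_hdr), alloc_size_unsigned(valid_hdr));
    printf("corrupted: signed=%zu unsigned=%zu\n",
           alloc_size_signed(corrupted_hdr), alloc_size_unsigned(corrupted_hdr));
    return 0;
}
```

A return value of 0 means the packet is rejected before anything is allocated; with the signed field, the corrupted header instead yields a request close to `SIZE_MAX`.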