This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new 37d239e79 GH-509: AbstractSftpClient: validate SSH_FXP_ATTRS flags
37d239e79 is described below
commit 37d239e792edabe2008df8e98bf00eef167a147f
Author: Thomas Wolf <[email protected]>
AuthorDate: Mon May 27 22:02:09 2024 +0200
GH-509: AbstractSftpClient: validate SSH_FXP_ATTRS flags
In SFTP versions >= 4, the flags must not include flag 0x2
(SSH_FILEXFER_ATTR_UIDGID).[1] Throw an exception if the client
receives this flag from the server, and ensure the client does
not send this flag.
On the server side, we never send back this flag in SFTP >= v4,
and we silently ignore it if a client sends it.
[1]
https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-03#section-5.1
Bug: https://github.com/apache/mina-sshd/issues/509
---
CHANGES.md | 1 +
.../java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java | 8 +++++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index af9158b5e..75e573df3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -40,6 +40,7 @@
* [GH-493](https://github.com/apache/mina-sshd/issues/493) Fix arcfour128 and
arcfour256 ciphers
* [GH-500](https://github.com/apache/mina-sshd/issues/500) SFTP file system:
fix memory leak on exceptions
* [GH-504](https://github.com/apache/mina-sshd/issues/504) Pass through
failure exception to `SessionListener.sessionNegotiationEnd()`
+* [GH-509](https://github.com/apache/mina-sshd/issues/509) SFTP v[456] client:
validate attribute flags
* [PR-472](https://github.com/apache/mina-sshd/pull/472) sshd-spring-sftp: fix
client start
* [PR-476](https://github.com/apache/mina-sshd/pull/476) Fix Android detection
diff --git
a/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java
b/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java
index 40155fd60..00c2d44b5 100644
---
a/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java
+++
b/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java
@@ -425,6 +425,8 @@ public abstract class AbstractSftpClient
attrs.setModifyTime(SftpHelper.readTime(buffer, version,
flags));
}
} else if (version >= SftpConstants.SFTP_V4) {
+ ValidateUtils.checkTrue((flags &
SftpConstants.SSH_FILEXFER_ATTR_UIDGID) == 0,
+ "SFTP v%d server sent invalid SSH_FXP_ATTRS flags 0x%X;
flag 0x2 must not be set", version, flags);
attrs.setType(buffer.getUByte());
if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) {
attrs.setSize(buffer.getLong());
@@ -1025,7 +1027,7 @@ public abstract class AbstractSftpClient
int version = getVersion();
if (version >= SftpConstants.SFTP_V4) {
- buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL);
+ buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL &
~SftpConstants.SSH_FILEXFER_ATTR_UIDGID);
}
if (log.isDebugEnabled()) {
@@ -1045,7 +1047,7 @@ public abstract class AbstractSftpClient
int version = getVersion();
if (version >= SftpConstants.SFTP_V4) {
- buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL);
+ buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL &
~SftpConstants.SSH_FILEXFER_ATTR_UIDGID);
}
if (log.isDebugEnabled()) {
@@ -1066,7 +1068,7 @@ public abstract class AbstractSftpClient
int version = getVersion();
if (version >= SftpConstants.SFTP_V4) {
- buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL);
+ buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL &
~SftpConstants.SSH_FILEXFER_ATTR_UIDGID);
}
if (log.isDebugEnabled()) {
