Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Bug in SFTP protocol implementation, SftpFileSystem.cpp

Thanks. I'll fix it.
If you want to test your server with WinSCP I can provide you fixed version.

Is there SFTP version 5 already? I've though that the lastest version is SFTP4. Can you send me a link to the specification? Thanks.
erwin

Bug in SFTP protocol implementation, SftpFileSystem.cpp

This bug only applies to SFTP protocol version 4. Version 3 is still the most common version, as OpenSSH implements it.

When SUBSECOND_TIMES are used in the ATTRS data structure in the wire protocol, WinSCP3.5.6 does not handle the parsing of the packet correctly.

It tries to read the nano seconds for the ACCESS, MODIFY and CREATE time stamps, regardless of whether there actually are ACCESS, MODIFY and CREATE times in the ATTRS structure.

The source now:

if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
{
File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip access time subseconds
}
if (Flags & SSH_FILEXFER_ATTR_CREATETIME)
{
GetInt64(); // skip create time
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip create time subseconds
}
if (Flags & SSH_FILEXFER_ATTR_MODIFYTIME)
{
File->Modification = UnixToDateTime((unsigned long)GetInt64());
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip modification time subseconds
}


It should be:

if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
{
File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip access time subseconds
}
}

etc.


I'm actually implementing an SFTP server that supports protocol versions 4 and 5; there aren't too many of those around, that's probably why the bug hasn't been discovered yet.

- Erwin