Topic "Bug in SFTP protocol implementation, SftpFileSystem.cpp"

Author Message
erwin
[View user's profile]

Joined: 2004-03-15
Posts: 1
This bug only applies to SFTP protocol version 4. Version 3 is still the most common version, as OpenSSH implements it.

When SUBSECOND_TIMES are used in the ATTRS data structure in the wire protocol, WinSCP3.5.6 does not handle the parsing of the packet correctly.

It tries to read the nano seconds for the ACCESS, MODIFY and CREATE time stamps, regardless of whether there actually are ACCESS, MODIFY and CREATE times in the ATTRS structure.

The source now:

if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
{
File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip access time subseconds
}
if (Flags & SSH_FILEXFER_ATTR_CREATETIME)
{
GetInt64(); // skip create time
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip create time subseconds
}
if (Flags & SSH_FILEXFER_ATTR_MODIFYTIME)
{
File->Modification = UnixToDateTime((unsigned long)GetInt64());
}
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip modification time subseconds
}


It should be:

if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
{
File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
{
GetCardinal(); // skip access time subseconds
}
}

etc.


I'm actually implementing an SFTP server that supports protocol versions 4 and 5; there aren't too many of those around, that's probably why the bug hasn't been discovered yet.

- Erwin
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Thanks. I'll fix it.
If you want to test your server with WinSCP I can provide you fixed version.

Is there SFTP version 5 already? I've though that the lastest version is SFTP4. Can you send me a link to the specification? Thanks.
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License