Failure/Permission Denied errors during writing make WinSCP crash

Hello!

I am using WinSCP 5.9 (Build 6786) and am trying to implement an mime filter in the openssh sftp-server code. Since I only know if the file that is loaded onto my server is allowed after the writing process started, I return a Permission Denied status during writing, as soon as the mime type can be determined from the file.

However, most of the time WinSCP returns a "packet was garbled on decryption" error. WinSCP is terminated and in the log "Fatal error while disposing the SFTP queue" can be read.
Even if it doesn't, it still sometimes procedes as if everything was fine and tries to rename the file, if it had been opened as <filename>.filepart. Only in very few cases it displays the error correctly and finishes after calling close.

How can I stop the writing process correctly?

Thanks,
moh

Can I have a test account on your server?

Or at least, can you post a complete session log file on Debug-1 level?

I added an attachment with three logfiles by WinSCP. First, there is the decryption error, in the second part the "no such file" error (since I didn't expect rename to be called after I sent permission denied, I already removed the file) and lastly the hoped for "permission denied" error. All cases are reached with the same code on the server side.

If you are wondering what I am doing in the openssh sftp-server code, here is a small summary:

1. process_open: If the flag for writing is set, I check whether there already exists a file with the given name or the name minus ".filepart". If this is so, I rename that file to have a backup in case the mime type of the new file is not on the whitelist. Then I write the name of the backup into the handle.

2. process_write: On every process_write I check the handle if it is locked (variable initiated with false). Then I write the bytes and check the mime type via libmagic. If it is not on my whitelist, I immediately truncate the file, set the lock and rename the backup file (if it exists) to it's original name. If the truncated file has ".filepart" in it's name, I unlink it. If there was no backup in the first place, I just unlink the truncated file. I send the status SSH2_FX_PERMISSION_DENIED.
If process_write is called and the lock is set, I just send the permission denied status.

3. process_close: If the handle wasn't locked and there is a backup file, I unlink it.

I installed the newest WinSCP Version, but the problem remains. In which part of the WinSCP code do I find the handling of errors (like permission denied) during writing?

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

I just sent the email. I am looking forward to the debug version. Thank you.

Two related issues have been added to the tracker:
https://winscp.net/tracker/1536
https://winscp.net/tracker/1537