Cap the maximum SFTP write value to 32768 bytes

Resolves: RHEL-5485 Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-09-19 12:41:20 +02:00 · 2023-09-19 12:41:20 +02:00 · 0e94b4d5ee
commit 0e94b4d5ee
parent 57094428a4
2 changed files with 40 additions and 1 deletions
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        12%{?dist}
+Release:        13%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@ -17,6 +17,7 @@ Patch2:         null_dereference_rekey.patch
 Patch3:         auth_bypass.patch
 Patch4:         fix_tests.patch
 Patch5:         covscan23.patch
+Patch6:         sftp_write_cap.patch

 BuildRequires:  cmake
 BuildRequires:  doxygen
@ -145,6 +146,10 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config

 %changelog
+* Wed Sep 20 2023 Sahana Prasad <sahana@redhat.com> - 0.9.6-13
+- Cap the maximum SFTP write value to 32768 bytes
+- Resolves: RHEL-5485
+
 * Mon May 15 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-12
 - Fix loglevel regression
 - Related: rhbz#2182251, rhbz#2189742
--- a/sftp_write_cap.patch
+++ b/sftp_write_cap.patch
@ -0,0 +1,34 @@
+diff -up libssh-0.10.4/include/libssh/sftp.h-cap libssh-0.10.4/include/libssh/sftp.h
+--- libssh-0.10.4/include/libssh/sftp.h-cap	2023-09-19 11:28:41.304353437 +0200
+++ libssh-0.10.4/include/libssh/sftp.h	2023-09-19 11:34:20.828666252 +0200
+@@ -550,6 +550,10 @@ LIBSSH_API int sftp_async_read(sftp_file
+ /**
+  * @brief Write to a file using an opened sftp file handle.
+  *
+ * The maximum size of the SFTP packet payload is 32768 bytes so the count
+ * parameter is capped at this value. This is low-level function so it does not
+ * try to send more than this amount of data.
+ *
+  * @param file          Open sftp file handle to write to.
+  *
+  * @param buf           Pointer to buffer to write data.
+diff -up libssh-0.10.4/src/sftp.c-cap libssh-0.10.4/src/sftp.c
+--- libssh-0.10.4/src/sftp.c-cap	2023-09-19 11:29:02.897569013 +0200
+++ libssh-0.10.4/src/sftp.c	2023-09-19 11:30:36.827506743 +0200
+@@ -2179,6 +2179,16 @@ ssize_t sftp_write(sftp_file file, const
+ 
+   id = sftp_get_new_id(file->sftp);
+ 
+  /* limit the writes to the maximum specified in Section 3 of
+   * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02
+   *
+   * FIXME: This value should be adjusted to the value from the
+   * limits@openssh.com extension if supported
+   * TODO: We should iterate over the blocks rather than writing less than
+   * requested to provide less surprises to the calling applications.
+   */
+  count = count > 32768 ? 32768 : count;
+
+   rc = ssh_buffer_pack(buffer,
+                        "dSqdP",
+                        id,