danog/tgseclib
1
0
Fork 0
mirror of https://github.com/danog/tgseclib.git synced 2024-11-30 04:39:02 +01:00
Code Issues Projects Releases Wiki Activity

SFTP: improve handling of malformed packets

Browse Source
This commit is contained in:
terrafrost 2019-05-28 08:47:34 -05:00
parent 677ae387b0
commit 8df35cc368
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
phpseclib/Net/SFTP.php
View File

@ -3049,7 +3049,9 @@ class Net_SFTP extends Net_SSH2
return $temp; return $temp;
} }
$this->curTimeout = false; // in SSH2.php the timeout is cumulative per function call. eg. exec() will
// timeout after 10s. but for SFTP.php it's cumulative per packet
$this->curTimeout = $this->timeout;
$start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838 $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
@ -3070,6 +3072,13 @@ class Net_SFTP extends Net_SSH2
$tempLength = $length; $tempLength = $length;
$tempLength-= strlen($this->packet_buffer); $tempLength-= strlen($this->packet_buffer);
// 256 * 1024 is what SFTP_MAX_MSG_LENGTH is set to in OpenSSH's sftp-common.h
if ($tempLength > 256 * 1024) {
user_error('Invalid SFTP packet size');
return false;
}
// SFTP packet type and data payload // SFTP packet type and data payload
while ($tempLength > 0) { while ($tempLength > 0) {
$temp = $this->_get_channel_packet(NET_SFTP_CHANNEL, true); $temp = $this->_get_channel_packet(NET_SFTP_CHANNEL, true);