SFTP: improve handling of malformed packets

This commit is contained in:
terrafrost 2019-05-28 08:47:34 -05:00
parent 677ae387b0
commit 8df35cc368

View File

@ -3049,7 +3049,9 @@ class Net_SFTP extends Net_SSH2
return $temp;
}
$this->curTimeout = false;
// in SSH2.php the timeout is cumulative per function call. eg. exec() will
// timeout after 10s. but for SFTP.php it's cumulative per packet
$this->curTimeout = $this->timeout;
$start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
@ -3070,6 +3072,13 @@ class Net_SFTP extends Net_SSH2
$tempLength = $length;
$tempLength-= strlen($this->packet_buffer);
// 256 * 1024 is what SFTP_MAX_MSG_LENGTH is set to in OpenSSH's sftp-common.h
if ($tempLength > 256 * 1024) {
user_error('Invalid SFTP packet size');
return false;
}
// SFTP packet type and data payload
while ($tempLength > 0) {
$temp = $this->_get_channel_packet(NET_SFTP_CHANNEL, true);