From 5b932495cc9a287a6f2b2b67200210dd09916235 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 15 Oct 2014 17:27:48 +0200 Subject: [PATCH 1/8] SFTP: Replace incorrect comment about filesize. There is no 4 GiB limit. --- phpseclib/Net/SFTP.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index 400e86f3..1a834bc6 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -2473,11 +2473,12 @@ class Net_SFTP extends Net_SSH2 foreach ($this->attributes as $key => $value) { switch ($flags & $key) { case NET_SFTP_ATTR_SIZE: // 0x00000001 - // size is represented by a 64-bit integer, so we perhaps ought to be doing the following: - // $attr['size'] = new Math_BigInteger($this->_string_shift($response, 8), 256); - // of course, you shouldn't be using Net_SFTP to transfer files that are in excess of 4GB - // (0xFFFFFFFF bytes), anyway. as such, we'll just represent all file sizes that are bigger than - // 4GB as being 4GB. + // The size attribute is defined as an unsigned 64-bit integer. + // The following will use floats on 32-bit platforms, if necessary. + // As can be seen in the BigInteger class, floats are generally + // IEEE 754 binary64 "double precision" on such platforms and + // as such can represent integers of at least 2^50 without loss + // of precision. Interpreted in filesize, 2^50 bytes = 1024 TiB. extract(unpack('Nupper/Nsize', $this->_string_shift($response, 8))); $attr['size'] = $upper ? 4294967296 * $upper : 0; $attr['size']+= $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size; From ad03d8446190a4c34034be50605e7ea829928ffe Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 17 Oct 2014 18:03:02 +0200 Subject: [PATCH 2/8] Restore compatibility with PHP 5.6.1 by using explicit array indexes. This seems to be caused by the resolution of PHP Ticket 67985. --- phpseclib/Math/BigInteger.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index ec229596..109d346e 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -915,7 +915,7 @@ class Math_BigInteger $value = $x_value; } - $value[] = 0; // just in case the carry adds an extra digit + $value[count($value)] = 0; // just in case the carry adds an extra digit $carry = 0; for ($i = 0, $j = 1; $j < $size; $i+=2, $j+=2) { @@ -2137,7 +2137,7 @@ class Math_BigInteger if ($this->_compare($result, false, $temp[MATH_BIGINTEGER_VALUE], $temp[MATH_BIGINTEGER_SIGN]) < 0) { $corrector_value = $this->_array_repeat(0, $n_length + 1); - $corrector_value[] = 1; + $corrector_value[count($corrector_value)] = 1; $result = $this->_add($result, false, $corrector_value, false); $result = $result[MATH_BIGINTEGER_VALUE]; } @@ -3482,7 +3482,7 @@ class Math_BigInteger } if ( $carry ) { - $this->value[] = $carry; + $this->value[count($this->value)] = $carry; } while ($num_digits--) { From 6182a643945e43fbaad08e9e6a542879221fecb3 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 14 Oct 2014 18:17:14 +0200 Subject: [PATCH 3/8] SFTP: Add truncate() to size() test for files larger than 4 GiB. --- tests/Functional/Net/SFTPUserStoryTest.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/Functional/Net/SFTPUserStoryTest.php b/tests/Functional/Net/SFTPUserStoryTest.php index 7388e89d..faf56807 100644 --- a/tests/Functional/Net/SFTPUserStoryTest.php +++ b/tests/Functional/Net/SFTPUserStoryTest.php @@ -431,6 +431,20 @@ class Functional_Net_SFTPUserStoryTest extends PhpseclibFunctionalTestCase /** * @depends testFileExistsIsFileIsDirDir */ + public function testTruncateLargeFile($sftp) + { + $filesize = (4 * 1024 + 16) * 1024 * 1024; + $filename = 'file-large-from-truncate-4112MiB.txt'; + $this->assertTrue($sftp->touch($filename)); + $this->assertTrue($sftp->truncate($filename, $filesize)); + $this->assertSame($filesize, $sftp->size($filename)); + + return $sftp; + } + + /** + * @depends testTruncateLargeFile + */ public function testRmDirScratch($sftp) { $this->assertFalse( From 5c3058cc4bfa6c519092a0ab9efff75f290d5811 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 19 Oct 2014 21:07:12 +0200 Subject: [PATCH 4/8] SFTP: Use hexdec() and bin2hex() for filesize calculation. --- phpseclib/Net/SFTP.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index 1a834bc6..0fe88e0e 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -2479,9 +2479,7 @@ class Net_SFTP extends Net_SSH2 // IEEE 754 binary64 "double precision" on such platforms and // as such can represent integers of at least 2^50 without loss // of precision. Interpreted in filesize, 2^50 bytes = 1024 TiB. - extract(unpack('Nupper/Nsize', $this->_string_shift($response, 8))); - $attr['size'] = $upper ? 4294967296 * $upper : 0; - $attr['size']+= $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size; + $attr['size'] = hexdec(bin2hex($this->_string_shift($response, 8))); break; case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only) $attr+= unpack('Nuid/Ngid', $this->_string_shift($response, 8)); From 3eac2582d6668ef6c6ef29e7de9cacf6f1b9f834 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 6 Nov 2014 11:58:03 -0600 Subject: [PATCH 5/8] SSH2: fix issues with RSA key verification Sometimes SSH servers will null pad their RSA keys. this null padding broke Net/SSH2.php's RSA implementation (Crypt/RSA.php's implementation works just fine). Also, the -3 was counting the initial "\0" of $h twice so adjust it to -2. --- phpseclib/Net/SSH2.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index ad996d7b..73259cdb 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -77,7 +77,7 @@ define('NET_SSH2_MASK_CONNECTED', 0x00000002); define('NET_SSH2_MASK_LOGIN_REQ', 0x00000004); define('NET_SSH2_MASK_LOGIN', 0x00000008); define('NET_SSH2_MASK_SHELL', 0x00000010); -define('NET_SSH2_MASK_WINDOW_ADJUST', 0X00000020); +define('NET_SSH2_MASK_WINDOW_ADJUST', 0x00000020); /**#@-*/ /**#@+ @@ -3769,8 +3769,9 @@ class Net_SSH2 $e = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256); $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4)); - $n = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256); - $nLength = $temp['length']; + $rawN = $this->_string_shift($server_public_host_key, $temp['length']); + $n = new Math_BigInteger($rawN, -256); + $nLength = strlen(ltrim($rawN, "\0")); /* $temp = unpack('Nlength', $this->_string_shift($signature, 4)); @@ -3807,7 +3808,7 @@ class Net_SSH2 $s = $s->toBytes(); $h = pack('N4H*', 0x00302130, 0x0906052B, 0x0E03021A, 0x05000414, sha1($this->exchange_hash)); - $h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 3 - strlen($h)) . $h; + $h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 2 - strlen($h)) . $h; if ($s != $h) { user_error('Bad server signature'); From 860ba065c421b72954e30b72c19b7c857c0be979 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 9 Nov 2014 20:30:27 -0600 Subject: [PATCH 6/8] add CHANGELOG.md --- CHANGELOG.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..0fd3ca09 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,83 @@ +# Changelog + +## 0.3.9 - 2014-11-09 + +- PHP 5.6 improvements ([#482](https://github.com/phpseclib/phpseclib/pull/482), [#491](https://github.com/phpseclib/phpseclib/issues/491)) + +## 0.3.8 - 2014-09-12 + +- improve support for indef lengths in File_ASN1 +- add hmac-sha2-256 support to Net_SSH2 +- make it so negotiated algorithms can be seen before Net_SSH2 login +- add sha256-96 and sha512-96 to Crypt_Hash +- window size handling adjustments in Net_SSH2 + +## 0.3.7 - 2014-07-05 + +- auto-detect public vs private keys +- add file_exists, is_dir, is_file, readlink and symlink to Net_SFTP +- add support for recursive nlist and rawlist +- make it so nlist and rawlist can return pre-sorted output +- make it so callback functions can make exec() return early +- add signSPKAC and saveSPKAC methods to File_X509 +- add support for PKCS8 keys in Crypt_RSA +- add pbkdf1 support to setPassword() in Crypt_Base +- add getWindowColumns, getWindowRows, setWindowColumns, setWindowRows to Net_SSH2 +- add support for filenames with spaces in them to Net_SCP + +## 0.3.6 - 2014-02-23 + +- add preliminary support for custom SSH subsystems +- add ssh-agent support + +## 0.3.5 - 2013-07-11 + +- numerous SFTP changes: + - chown + - chgrp + - truncate + - improved file type detection + - put() can write to te middle of a file + - mkdir accepts the same paramters that PHP's mkdir does + - the ability to upload/download 2GB files +- across-the-board speedups for the various encryption algorithms +- multi-factor authentication support for Net_SSH2 +- a $callback parameter for Net_SSH2::exec +- new classes: + - Net_SFTP_StreamWrapper + - Net_SCP + - Crypt_Twofish + - Crypt_Blowfish + +## 0.3.1 - 2012-11-20 + +- add Net_SSH2::enableQuietMode() for suppressing stderr +- add Crypt_RSA::__toString() and Crypt_RSA::getSize() +- fix problems with File_X509::validateDate(), File_X509::sign() and Crypt_RSA::verify() +- use OpenSSL to speed up modular exponention in Math_BigInteger +- improved timeout functionality in Net_SSH2 +- add support for SFTPv2 +- add support for CRLs in File_X509 +- SSH-2.0-SSH doesn't implement hmac-*-96 correctly + +## 0.3.0 - 2012-07-08 + +- add support for reuming Net_SFTP::put() +- add support for recursive deletes and recursive chmods to Net_SFTP +- add setTimeout() to Net_SSH2 +- add support for PBKDF2 to the various Crypt_* classes via setPassword() +- add File_X509 and File_ASN1 +- add the ability to decode various formats in Crypt_RSA +- make Net_SSH2::getServerPublicHostKey() return a printer-friendly version of the public key + +## 0.2.2 - 2011-05-09 + +- CFB and OFB modes were added to all block ciphers +- support for interactive mode was added to Net_SSH2 +- Net_SSH2 now has limited keyboard_interactive authentication support +- support was added for PuTTY formatted RSA private keys and XML formatted RSA private keys +- Crypt_RSA::loadKey() will now try all key types automatically += add support for AES-128-CBC and DES-EDE3-CFB encrypted RSA private keys +- add Net_SFTP::stat(), Net_SFTP::lstat() and Net_SFTP::rawlist() +- logging was added to Net_SSH1 +- the license was changed to the less restrictive MIT license \ No newline at end of file From 76c1c6607fa082ef182002791d14b51bb24415ba Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 9 Nov 2014 21:08:08 -0600 Subject: [PATCH 7/8] update download version in README.me --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3c9515b4..cad56570 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -* [Download (0.3.8)](http://sourceforge.net/projects/phpseclib/files/phpseclib0.3.8.zip/download) +* [Download (0.3.9)](http://sourceforge.net/projects/phpseclib/files/phpseclib0.3.9.zip/download) * [Browse Git](https://github.com/phpseclib/phpseclib) * [Code Coverage Report](http://phpseclib.bantux.org/code_coverage/master/latest/) From b1e66430321129ad88b44efae76f140f2707f4f3 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 19 Nov 2014 22:38:19 -0600 Subject: [PATCH 8/8] SSH2: clarify exec() docblock comment --- phpseclib/Net/SSH2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 73259cdb..c904e678 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -2261,7 +2261,7 @@ class Net_SSH2 /** * Execute Command * - * If $block is set to false then Net_SSH2::_get_channel_packet(NET_SSH2_CHANNEL_EXEC) will need to be called manually. + * If $callback is set to false then Net_SSH2::_get_channel_packet(NET_SSH2_CHANNEL_EXEC) will need to be called manually. * In all likelihood, this is not a feature you want to be taking advantage of. * * @param String $command