SFTP Zero Byte Files

1. When getting a file with SFTP, the client should check that the requested file is a regular file based on its attributes. 2. Add the attributes to check in the permissions. 3. Add a new error for a non-regular file.
ejohnstown · Oct 25, 2023 · fb4dd0e · fb4dd0e
1 parent 2685dc9
commit fb4dd0e
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 1 deletion.
diff --git a/examples/sftpclient/sftpclient.c b/examples/sftpclient/sftpclient.c
@@ -523,6 +523,12 @@ static int doCmds(func_args* args)
 #endif
 
             if (ret != WS_SUCCESS) {
+                if (wolfSSH_get_error(ssh) == WS_SFTP_NOT_FILE_E) {
+                    if (SFTP_FPUTS(args, "Not a regular file\n")  < 0) {
+                         err_msg("fputs error");
+                         return -1;
+                    }
+                }
                 if (SFTP_FPUTS(args, "Error getting file\n")  < 0) {
                      err_msg("fputs error");
                      return -1;

diff --git a/src/internal.c b/src/internal.c
@@ -419,6 +419,9 @@ const char* GetErrorString(int err)
         case WS_MATCH_UA_KEY_ID_E:
             return "unable to match user auth key type";
 
+        case WS_SFTP_NOT_FILE_E:
+            return "not a regular file";
+
         default:
             return "Unknown error code";
     }

diff --git a/src/wolfsftp.c b/src/wolfsftp.c
@@ -8469,6 +8469,14 @@ int wolfSSH_SFTP_Get(WOLFSSH* ssh, char* from,
                     state->state = STATE_GET_CLEANUP;
                     continue;
                 }
+                if ((state->attrib.per & FILEATRB_PER_MASK_TYPE)
+                        != FILEATRB_PER_FILE) {
+                    WLOG(WS_LOG_SFTP, "Not a file");
+                    ssh->error = WS_SFTP_NOT_FILE_E;
+                    ret = WS_FATAL_ERROR;
+                    state->state = STATE_GET_CLEANUP;
+                    continue;
+                }
                 state->handleSz = WOLFSSH_MAX_HANDLE;
                 state->state = STATE_GET_OPEN_REMOTE;
                 NO_BREAK;

diff --git a/wolfssh/error.h b/wolfssh/error.h
@@ -128,8 +128,9 @@ enum WS_ErrorCodes {
     WS_CERT_KEY_SIZE_E      = -1087, /* Key size error */
     WS_CTX_KEY_COUNT_E      = -1088, /* Adding too many private keys */
     WS_MATCH_UA_KEY_ID_E    = -1089, /* Match user auth key key fail */
+    WS_SFTP_NOT_FILE_E      = -1090, /* Not a file */
 
-    WS_LAST_E               = -1089  /* Update this to indicate last error */
+    WS_LAST_E               = -1090  /* Update this to indicate last error */
 };
 
 

diff --git a/wolfssh/wolfsftp.h b/wolfssh/wolfsftp.h
@@ -126,6 +126,13 @@ struct WS_SFTP_FILEATRB_EX {
     WS_SFTP_FILEATRB_EX* next;
 };
 
+#define FILEATRB_PER_MASK_TYPE 0770000
+#define FILEATRB_PER_FILE      0100000
+#define FILEATRB_PER_DEV_CHAR  0020000
+#define FILEATRB_PER_DIR       0040000
+#define FILEATRB_PER_DEV_BLOCK 0060000
+#define FILEATRB_PER_MASK_PERM 0000777
+
 typedef struct WS_SFTP_FILEATRB {
     word32 flags;
     word32 sz[2]; /* sz[0] being the lower and sz[1] being the upper */