SFTP Zero Byte Files

1. When getting a file with SFTP, the client should check that the requested file is a regular file based on its attributes. 2. Add the attributes to check in the permissions. 3. Add a new error for a non-regular file.
wolfSSL · Dec 5, 2023 · 6aad26d · 6aad26d
1 parent c5cb920
commit 6aad26d
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 1 deletion.
diff --git a/examples/sftpclient/sftpclient.c b/examples/sftpclient/sftpclient.c
@@ -523,6 +523,12 @@ static int doCmds(func_args* args)
 #endif
 
             if (ret != WS_SUCCESS) {
+                if (wolfSSH_get_error(ssh) == WS_SFTP_NOT_FILE_E) {
+                    if (SFTP_FPUTS(args, "Not a regular file\n")  < 0) {
+                         err_msg("fputs error");
+                         return -1;
+                    }
+                }
                 if (SFTP_FPUTS(args, "Error getting file\n")  < 0) {
                      err_msg("fputs error");
                      return -1;

diff --git a/src/internal.c b/src/internal.c
@@ -430,6 +430,9 @@ const char* GetErrorString(int err)
         case WS_KEY_FORMAT_E:
             return "key format wrong error";
 
+        case WS_SFTP_NOT_FILE_E:
+            return "not a regular file";
+
         default:
             return "Unknown error code";
     }

diff --git a/src/wolfsftp.c b/src/wolfsftp.c
@@ -8473,6 +8473,14 @@ int wolfSSH_SFTP_Get(WOLFSSH* ssh, char* from,
                     state->state = STATE_GET_CLEANUP;
                     continue;
                 }
+                if ((state->attrib.per & FILEATRB_PER_MASK_TYPE)
+                        != FILEATRB_PER_FILE) {
+                    WLOG(WS_LOG_SFTP, "Not a file");
+                    ssh->error = WS_SFTP_NOT_FILE_E;
+                    ret = WS_FATAL_ERROR;
+                    state->state = STATE_GET_CLEANUP;
+                    continue;
+                }
                 state->handleSz = WOLFSSH_MAX_HANDLE;
                 state->state = STATE_GET_OPEN_REMOTE;
                 NO_BREAK;

diff --git a/wolfssh/error.h b/wolfssh/error.h
@@ -131,8 +131,9 @@ enum WS_ErrorCodes {
     WS_KEY_AUTH_MAGIC_E     = -1090, /* OpenSSH key auth magic check fail */
     WS_KEY_CHECK_VAL_E      = -1091, /* OpenSSH key check value fail */
     WS_KEY_FORMAT_E         = -1092, /* OpenSSH key format fail */
+    WS_SFTP_NOT_FILE_E      = -1093, /* Not a regular file */
 
-    WS_LAST_E               = -1092  /* Update this to indicate last error */
+    WS_LAST_E               = -1093  /* Update this to indicate last error */
 };
 
 

diff --git a/wolfssh/wolfsftp.h b/wolfssh/wolfsftp.h
@@ -126,6 +126,13 @@ struct WS_SFTP_FILEATRB_EX {
     WS_SFTP_FILEATRB_EX* next;
 };
 
+#define FILEATRB_PER_MASK_TYPE 0770000
+#define FILEATRB_PER_FILE      0100000
+#define FILEATRB_PER_DEV_CHAR  0020000
+#define FILEATRB_PER_DIR       0040000
+#define FILEATRB_PER_DEV_BLOCK 0060000
+#define FILEATRB_PER_MASK_PERM 0000777
+
 typedef struct WS_SFTP_FILEATRB {
     word32 flags;
     word32 sz[2]; /* sz[0] being the lower and sz[1] being the upper */