To whom it may concern:

Observe the file SftpSubsystem.java, located here: 
https://github.com/apache/mina-sshd/blob/d4a524e428449f53a0e4b2402ca5419a436eb77d/sshd-core/src/main/java/org/apache/sshd/server/sftp/SftpSubsystem.java.

I've noticed that at line 513, Buffer.getBytes() internally reads an int then, 
if that int is greater than Buffer.MAX_LEN, getBytes() throws an exception. 
Meaning, if we pass in a buffer larger than Buffer.MAX_LEN, this breaks.

I've looked at your page at 
http://mina.apache.org/sshd-project/issue_tracking.html and I see that I can 
create a bug for this (there don't appear to be any existing bugs).

First of all, could you confirm that this is indeed a bug, that I'm not missing 
some bounds checking earlier in the file? We've modified this file in our 
environment. Second of all, if this is indeed a bug, I'll be glad to make a bug 
report and submit a .patch file to the bug report - I've already implemented a 
fix for this.

Let me know your thoughts.

Thank you!

-Doug Tucker
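
The length check described in the message above, sketched as an added example; it is not part of the original message and is not MINA SSHD's code. The class name, the `MAX_LEN` value, the helper methods and the sample frames are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;

public class LengthPrefixedRead {
    // Assumed cap for illustration; the message does not state the value of Buffer.MAX_LEN.
    static final int MAX_LEN = 64 * 1024;

    // Read one length-prefixed byte string: 4-byte big-endian length, then the data.
    static byte[] getBytes(ByteBuffer in) {
        if (in.remaining() < 4) {
            throw new IllegalStateException("truncated length field");
        }
        int len = in.getInt(); // a wire value above 2^31-1 shows up negative here
        if (len < 0 || len > MAX_LEN) {
            throw new IllegalStateException("bad item length: " + len);
        }
        if (len > in.remaining()) {
            throw new IllegalStateException("declared " + len + " bytes, only " + in.remaining() + " present");
        }
        byte[] out = new byte[len]; // allocation happens only after every check has passed
        in.get(out);
        return out;
    }

    // Build a constructed frame whose declared length may differ from the payload size.
    static ByteBuffer frame(int declaredLen, int payloadLen) {
        ByteBuffer b = ByteBuffer.allocate(4 + payloadLen);
        b.putInt(declaredLen);
        b.put(new byte[payloadLen]);
        b.flip();
        return b;
    }

    static String attempt(String label, ByteBuffer in) {
        try {
            return label + ": read " + getBytes(in).length + " bytes";
        } catch (IllegalStateException e) {
            return label + ": rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println(attempt("at limit", frame(MAX_LEN, MAX_LEN)));
        System.out.println(attempt("one byte over, data fully present", frame(MAX_LEN + 1, MAX_LEN + 1)));
        System.out.println(attempt("huge declared length, 8-byte payload", frame(Integer.MAX_VALUE, 8)));
        System.out.println(attempt("length field with high bit set", frame(0x80000000, 8)));
    }
}
```

The second case is the one the message is about: the data is complete, but the declared length is over the cap, so the read throws. The last two cases show what the same check protects against, a declared length that would otherwise drive a large allocation.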
