Le 08/11/14 01:22, doug_tuc...@dell.com a écrit : > To whom it may concern: > > Observe the file SftpSubsystem.java, located here: > https://github.com/apache/mina-sshd/blob/d4a524e428449f53a0e4b2402ca5419a436eb77d/sshd-core/src/main/java/org/apache/sshd/server/sftp/SftpSubsystem.java. > > I've noticed that at line 513, Buffer.getBytes() internally reads an int > then, if that int is greater than Buffer.MAX_LEN, getBytes() throws an > exception. Meaning, if we pass in a buffer larger than Buffer.MAX_LEN, this > breaks. > > I've looked at your page at > http://mina.apache.org/sshd-project/issue_tracking.html and I see that I can > create a bug for this (there doesn't appear to be any existing bugs). > > First of all, could you confirm that this is indeed a bug, that I'm not > missing some bounds checking earlier in the file? We've modified this file in > our environment. Second of all, if this indeed a bug, I'll be glad to make a > bug report and submit a .patch file to the bug report - I've already > implemented a fix for this. Hi!
feel free to open a JIRA, no mater what. If it's a bug, it's the best way to get some attention. And if it's not a bug, the JIRA will be closed. In any case, JIRAs don't get forgotten, when this mail is likely to be forgotten in a couple of days ! Bottom line, it would be good to provide some scernario which can trigger the potential issue you are mentionning. My understanding - but I haven't written this code - is that you can't write buffer bigger than 32k, this you can't face this limit issue. But I can be damn wrong ! Thanks !
