[
https://issues.apache.org/jira/browse/SSHD-1244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryosuke Kanda updated SSHD-1244:
--------------------------------
Description:
If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds
INT_MAX, it will not be recognized correctly.
I think the cause is in the following places:
org.apache.sshd.common.channel.Window.expand(int)
I am doing machine translation, so please allow it to be unnatural.
I encountered this issue when I was using ProFTPD as an SFTP server.
The version of ProFTPD is 1.3.5e.
The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window size
by default.
I've confirmed that SSHD can handle this without any problems, so I sent a 4GB
file to see what happens when Window Adjust is done.
As a result, a Window Adjust was done and SSHD was unable to handle this
successfully.
I have attached the client implementation to this issue.
(Maybe a poor implementation ...)
The console logs, including the debug logs, were too large to attach.
The parts that are clearly set for the SSH client are as follows.
ServerKeyVerifier
HostConfigEntryResolver
KeyIdentityProvider
In the log, the part where the error occurred is as follows.
You can see that SSHD recognizes the new Window size as a negative value.
{code:java}
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
org.apache.sshd.sftp.client.impl.DefaultSftpClient$SftpChannelSubsystem -
handleWindowAdjust(SftpChannelSubsystem[id=0,
recipient=0]-ClientSessionImpl[kada@/192.168.12.222:18022][sftp])
SSH_MSG_CHANNEL_WINDOW_ADJUST window=-94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
org.apache.sshd.common.io.nio2.Nio2Session -
handleReadCycleFailure(Nio2Session[local=/0:0:0:0:0:0:0:0:51143,
remote=/192.168.12.222:18022]) IllegalArgumentException after 8166700 nanos at
read cycle=103401: Negative window size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
org.apache.sshd.common.io.nio2.Nio2Session -
exceptionCaught(Nio2Session[local=/0:0:0:0:0:0:0:0:51143,
remote=/192.168.12.222:18022]) caught IllegalArgumentException[Negative window
size: -94217] - calling handler
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
org.apache.sshd.client.session.ClientSessionImpl -
signalAuthFailure(ClientSessionImpl[kada@/192.168.12.222:18022])
type=IllegalArgumentException, signalled=false, first=false: Negative window
size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] WARN
org.apache.sshd.client.session.ClientSessionImpl -
exceptionCaught(ClientSessionImpl[kada@/192.168.12.222:18022])[state=Opened]
IllegalArgumentException: Negative window size: -94217
java.lang.IllegalArgumentException: Negative window size: -94217
at
org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
at
org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
at
org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:162)
at org.apache.sshd.common.channel.Window.expand(Window.java:123)
at
org.apache.sshd.common.channel.AbstractChannel.handleWindowAdjust(AbstractChannel.java:894)
at
org.apache.sshd.client.channel.AbstractClientChannel.handleWindowAdjust(AbstractClientChannel.java:448)
at
org.apache.sshd.common.session.helpers.AbstractConnectionService.channelWindowAdjust(AbstractConnectionService.java:614)
at
org.apache.sshd.common.session.helpers.AbstractConnectionService.process(AbstractConnectionService.java:477)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
at
org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
at
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748) {code}
was:
If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds
INT_MAX, it will not be recognized correctly.
I think the cause is in the following places:
org.apache.sshd.common.channel.Window.expand(int)
I am doing machine translation, so please allow it to be unnatural.
I encountered this issue when I was using ProFTPD as an SFTP server.
The version of ProFTPD is 1.3.5e.
The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window size
by default.
I've confirmed that SSHD can handle this without any problems, so I sent a 4GB
file to see what happens when Window Adjust is done.
As a result, a Window Adjust was done and SSHD was unable to handle this
successfully.
> Client fails window adjust above Integer.MAX_VALUE
> --------------------------------------------------
>
> Key: SSHD-1244
> URL: https://issues.apache.org/jira/browse/SSHD-1244
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.8.0
> Reporter: Ryosuke Kanda
> Assignee: Lyor Goldstein
> Priority: Minor
> Attachments: Main.java
>
>
> If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds
> INT_MAX, it will not be recognized correctly.
> I think the cause is in the following places:
> org.apache.sshd.common.channel.Window.expand(int)
>
> I am doing machine translation, so please allow it to be unnatural.
>
> I encountered this issue when I was using ProFTPD as an SFTP server.
> The version of ProFTPD is 1.3.5e.
> The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window
> size by default.
> I've confirmed that SSHD can handle this without any problems, so I sent a
> 4GB file to see what happens when Window Adjust is done.
> As a result, a Window Adjust was done and SSHD was unable to handle this
> successfully.
>
> I have attached the client implementation to this issue.
> (Maybe a poor implementation ...)
> The console logs, including the debug logs, were too large to attach.
> The parts that are clearly set for the SSH client are as follows.
> ServerKeyVerifier
> HostConfigEntryResolver
> KeyIdentityProvider
> In the log, the part where the error occurred is as follows.
> You can see that SSHD recognizes the new Window size as a negative value.
> {code:java}
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
> org.apache.sshd.sftp.client.impl.DefaultSftpClient$SftpChannelSubsystem -
> handleWindowAdjust(SftpChannelSubsystem[id=0,
> recipient=0]-ClientSessionImpl[kada@/192.168.12.222:18022][sftp])
> SSH_MSG_CHANNEL_WINDOW_ADJUST window=-94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
> org.apache.sshd.common.io.nio2.Nio2Session -
> handleReadCycleFailure(Nio2Session[local=/0:0:0:0:0:0:0:0:51143,
> remote=/192.168.12.222:18022]) IllegalArgumentException after 8166700 nanos
> at read cycle=103401: Negative window size: -94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
> org.apache.sshd.common.io.nio2.Nio2Session -
> exceptionCaught(Nio2Session[local=/0:0:0:0:0:0:0:0:51143,
> remote=/192.168.12.222:18022]) caught IllegalArgumentException[Negative
> window size: -94217] - calling handler
> [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl -
> signalAuthFailure(ClientSessionImpl[kada@/192.168.12.222:18022])
> type=IllegalArgumentException, signalled=false, first=false: Negative window
> size: -94217
> [sshd-SshClient[343f4d3d]-nio2-thread-5] WARN
> org.apache.sshd.client.session.ClientSessionImpl -
> exceptionCaught(ClientSessionImpl[kada@/192.168.12.222:18022])[state=Opened]
> IllegalArgumentException: Negative window size: -94217
> java.lang.IllegalArgumentException: Negative window size: -94217
> at
> org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
> at
> org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
> at
> org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:162)
> at org.apache.sshd.common.channel.Window.expand(Window.java:123)
> at
> org.apache.sshd.common.channel.AbstractChannel.handleWindowAdjust(AbstractChannel.java:894)
> at
> org.apache.sshd.client.channel.AbstractClientChannel.handleWindowAdjust(AbstractClientChannel.java:448)
> at
> org.apache.sshd.common.session.helpers.AbstractConnectionService.channelWindowAdjust(AbstractConnectionService.java:614)
> at
> org.apache.sshd.common.session.helpers.AbstractConnectionService.process(AbstractConnectionService.java:477)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
> at
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
> at
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
> at sun.nio.ch.Invoker$2.run(Invoker.java:218)
> at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748) {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
