Uploaded image for project: 'MINA SSHD'
  1. MINA SSHD
  2. SSHD-1244

Client fails window adjust above Integer.MAX_VALUE

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.8.0
    • 2.9.0
    • None

    Description

      If the new window size specified by SSH_MSG_CHANNEL_WINDOW_ADJUST exceeds INT_MAX, it will not be recognized correctly.

      I think the cause is in the following places:
      org.apache.sshd.common.channel.Window.expand(int)

       

      I am doing machine translation, so please allow it to be unnatural.

       

      I encountered this issue when I was using ProFTPD as an SFTP server.
      The version of ProFTPD is 1.3.5e.

      The SFTP feature of ProFTPD notifies 2 ^ 32-1 bytes as the initial window size by default.
      I've confirmed that SSHD can handle this without any problems, so I sent a 4GB file to see what happens when Window Adjust is done.
      As a result, a Window Adjust was done and SSHD was unable to handle this successfully.

       

      I have attached the client implementation to this issue.
      (Maybe a poor implementation ...)
      The console logs, including the debug logs, were too large to attach.

      The parts that are clearly set for the SSH client are as follows.
      ServerKeyVerifier
      HostConfigEntryResolver
      KeyIdentityProvider

      In the log, the part where the error occurred is as follows.
      You can see that SSHD recognizes the new Window size as a negative value.

      [sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG org.apache.sshd.sftp.client.impl.DefaultSftpClient$SftpChannelSubsystem - handleWindowAdjust(SftpChannelSubsystem[id=0, recipient=0]-ClientSessionImpl[kada@/192.168.12.222:18022][sftp]) SSH_MSG_CHANNEL_WINDOW_ADJUST window=-94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - handleReadCycleFailure(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, remote=/192.168.12.222:18022]) IllegalArgumentException after 8166700 nanos at read cycle=103401: Negative window size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - exceptionCaught(Nio2Session[local=/0:0:0:0:0:0:0:0:51143, remote=/192.168.12.222:18022]) caught IllegalArgumentException[Negative window size: -94217] - calling handler
[sshd-SshClient[343f4d3d]-nio2-thread-5] DEBUG org.apache.sshd.client.session.ClientSessionImpl - signalAuthFailure(ClientSessionImpl[kada@/192.168.12.222:18022]) type=IllegalArgumentException, signalled=false, first=false: Negative window size: -94217
[sshd-SshClient[343f4d3d]-nio2-thread-5] WARN org.apache.sshd.client.session.ClientSessionImpl - exceptionCaught(ClientSessionImpl[kada@/192.168.12.222:18022])[state=Opened] IllegalArgumentException: Negative window size: -94217
java.lang.IllegalArgumentException: Negative window size: -94217
    at org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
    at org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
    at org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:162)
    at org.apache.sshd.common.channel.Window.expand(Window.java:123)
    at org.apache.sshd.common.channel.AbstractChannel.handleWindowAdjust(AbstractChannel.java:894)
    at org.apache.sshd.client.channel.AbstractClientChannel.handleWindowAdjust(AbstractClientChannel.java:448)
    at org.apache.sshd.common.session.helpers.AbstractConnectionService.channelWindowAdjust(AbstractConnectionService.java:614)
    at org.apache.sshd.common.session.helpers.AbstractConnectionService.process(AbstractConnectionService.java:477)
    at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
    at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
    at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
    at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
    at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
    at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
    at sun.nio.ch.Invoker$2.run(Invoker.java:218)
    at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

      Attachments

        1. Main.java
          4 kB
          Ryosuke Kanda

        Activity

          People

            lgoldstein Lyor Goldstein
            candacada Ryosuke Kanda
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: