From 48bf234322e639d279c5a28435eae50155e9b514 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Wed, 11 Jan 2023 05:36:50 +0000
Subject: [PATCH] upstream: ignore bogus upload/download buffer lengths in the limits extension

OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
---
 sftp-client.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sftp-client.c b/sftp-client.c
index 6c97bfa9f..0a5bf03de 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.166 2022/12/16 03:40:03 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.167 2023/01/11 05:36:50 djm Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller
 *
@@ -566,17 +566,22 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,

 /* If the caller did not specify, find a good value */
 if (transfer_buflen == 0) {
- ret->download_buflen = limits.read_length;
- ret->upload_buflen = limits.write_length;
- debug("Using server download size %u", ret->download_buflen);
- debug("Using server upload size %u", ret->upload_buflen);
+ ret->download_buflen = MINIMUM(limits.read_length,
+ SFTP_MAX_MSG_LENGTH - 1024);
+ ret->upload_buflen = MINIMUM(limits.write_length,
+ SFTP_MAX_MSG_LENGTH - 1024);
+ debug3("server upload/download buffer sizes "
+ "%llu / %llu; using %u / %u",
+ (unsigned long long)limits.write_length,
+ (unsigned long long)limits.read_length,
+ ret->upload_buflen, ret->download_buflen);
 }

 /* Use the server limit to scale down our value only */
 if (num_requests == 0 && limits.open_handles) {
 ret->num_requests =
 MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles);
- debug("Server handle limit %llu; using %u",
+ debug3("server handle limit %llu; using %u",
 (unsigned long long)limits.open_handles,
 ret->num_requests);
 }
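Review bot: The clamp in the `transfer_buflen == 0` branch bounds the server-advertised `limits.read_length` / `limits.write_length` only from above, so a server that reports 0 or a very small length still sets `download_buflen` / `upload_buflen` to that value. How the transfer loops behave with a zero-length buffer is outside this hunk, but because these values come from an untrusted peer a floor is worth adding after the two `MINIMUM` assignments, e.g. `ret->download_buflen = MAXIMUM(ret->download_buflen, 64);` and the same for `upload_buflen` (64 is an illustrative value, not one taken from this patch). The move from `debug` to `debug3` also means a server sending out-of-range limits is visible only at the highest verbosity; logging at a lower level when the advertised value was actually clamped would make misbehaving servers easier to spot. do_init starts and ends outside the hunk.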