Skip to content

Commit bbca466

Browse files
ejohnstownejohnstown
committed
Test SFTP forged handles and namespace isolation
- Reject forged/raw-fd handles in Write/Read/FSetSTAT/FSTAT/Close - Isolate file vs directory handle-ID namespaces - Cover positive and forged FSTAT
1 parent 62b18bd commit bbca466

3 files changed

Lines changed: 437 additions & 0 deletions

File tree

src/wolfsftp.c

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6068,6 +6068,58 @@ int wolfSSH_SFTP_RecvFSetSTAT(WOLFSSH* ssh, int reqId, byte* data, word32 maxSz)
60686068
}
60696069

60706070
#endif /* _WIN32_WCE */
6071+
6072+
#if defined(WOLFSSH_TEST_INTERNAL) && !defined(USE_WINDOWS_API) && \
6073+
!defined(NO_FILESYSTEM)
6074+
/* Test-only plumbing for the forged-handle regression test in tests/regress.c.
6075+
*
6076+
* The SFTP request handlers buffer their status/handle reply into ssh->recvState
6077+
* via wolfSSH_SFTP_RecvSetSend(). When a test drives the handlers directly that
6078+
* state is not otherwise allocated, so these accessors let the test own its
6079+
* lifetime (and inspect the buffered reply) without exposing the private
6080+
* WS_SFTP_RECV_STATE type. */
6081+
6082+
/* Allocate ssh->recvState so handler replies are captured instead of leaked. */
6083+
int wolfSSH_SFTP_TestRecvStateInit(WOLFSSH* ssh)
6084+
{
6085+
if (ssh == NULL) {
6086+
return WS_BAD_ARGUMENT;
6087+
}
6088+
if (ssh->recvState == NULL) {
6089+
ssh->recvState = (WS_SFTP_RECV_STATE*)WMALLOC(
6090+
sizeof(WS_SFTP_RECV_STATE), ssh->ctx->heap, DYNTYPE_SFTP_STATE);
6091+
if (ssh->recvState == NULL) {
6092+
return WS_MEMORY_E;
6093+
}
6094+
WMEMSET(ssh->recvState, 0, sizeof(WS_SFTP_RECV_STATE));
6095+
}
6096+
return WS_SUCCESS;
6097+
}
6098+
6099+
/* Return the most recent buffered reply (data + size) produced by a handler. */
6100+
const byte* wolfSSH_SFTP_TestRecvReply(WOLFSSH* ssh, word32* sz)
6101+
{
6102+
if (ssh == NULL || ssh->recvState == NULL) {
6103+
if (sz != NULL) {
6104+
*sz = 0;
6105+
}
6106+
return NULL;
6107+
}
6108+
if (sz != NULL) {
6109+
*sz = ssh->recvState->buffer.sz;
6110+
}
6111+
return ssh->recvState->buffer.data;
6112+
}
6113+
6114+
/* Free ssh->recvState and any buffered reply. */
6115+
void wolfSSH_SFTP_TestRecvStateFree(WOLFSSH* ssh)
6116+
{
6117+
if (ssh != NULL) {
6118+
wolfSSH_SFTP_ClearState(ssh, STATE_ID_ALL);
6119+
}
6120+
}
6121+
#endif /* WOLFSSH_TEST_INTERNAL && !USE_WINDOWS_API && !NO_FILESYSTEM */
6122+
60716123
#endif /* !NO_WOLFSSH_SERVER */
60726124

60736125

0 commit comments

Comments
 (0)