Add a safe mask for peer-supplied mode and extend wolfSSH_SFTP_Open #999
yosuke-wolfssl wants to merge 1 commit into
Pull request overview
This pull request hardens SFTP server-side handling of peer-supplied permission modes by masking out special bits before filesystem operations, and extends the client-side wolfSSH_SFTP_Open() implementation to serialize SFTP file attributes into SSH_FXP_OPEN requests (with accompanying tests and an example client command to exercise the new path).
Changes:
- Introduces `WOLFSSH_SFTP_SAFE_MODE()` and applies it to SFTP server paths that set file/dir permissions (open/mkdir/setstat/chmod-related).
- Extends `wolfSSH_SFTP_Open()` to include serialized attributes in the `SSH_FXP_OPEN` packet (or send an empty attributes block when `atr == NULL`).
- Adds SFTP tests (and an example `creat` client command) to validate that setuid/setgid/sticky bits are stripped.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `wolfssh/wolfsftp.h` | Adds the safe-mode masking macro for peer-supplied modes. |
| `src/wolfsftp.c` | Applies safe-mode masking in server operations; serializes attributes in `wolfSSH_SFTP_Open()`. |
| `tests/sftp.c` | Adds tests for stripping special bits in chmod and creat/open paths. |
| `examples/sftpclient/sftpclient.c` | Adds `creat` command and shared parsing helper for `<mode> <path>` arguments. |
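The two behaviours summarized in the review above, sketched as an added example that is not code from this pull request or from wolfSSH: a client writes the ATTRS block that closes an `SSH_FXP_OPEN` request (empty when no attributes are given), and a server masks the peer-supplied mode before it reaches the filesystem. The function names, the `0777` keep-mask and the `0644` default are assumptions; the flag value and field layout follow SFTP protocol version 3.

```c
#include <stdint.h>
#include <stddef.h>

#define ATTR_PERMISSIONS 0x00000004u /* SSH_FILEXFER_ATTR_PERMISSIONS (SFTP v3) */
#define SAFE_MODE(m) ((m) & 0777u)   /* assumed mask: keep rwx bits only */

static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Client side: write the ATTRS block that ends an SSH_FXP_OPEN request.
 * mode == NULL yields the empty block (flags = 0). Returns bytes written,
 * or 0 if the buffer is too small. */
size_t encode_attrs(uint8_t *out, size_t cap, const uint32_t *mode) {
    size_t need = mode ? 8 : 4;
    if (cap < need) return 0;
    put_u32(out, mode ? ATTR_PERMISSIONS : 0);
    if (mode) put_u32(out + 4, *mode);
    return need;
}

/* Server side: read the peer's ATTRS block and return the mode to hand to
 * open()/mkdir()/chmod(); setuid/setgid/sticky never reach the filesystem.
 * Returns 0 on success, -1 on a truncated or unsupported block. */
int decode_safe_mode(const uint8_t *in, size_t len, uint32_t dflt, uint32_t *mode) {
    uint32_t flags;
    if (len < 4) return -1;
    flags = get_u32(in);
    if (flags & ~ATTR_PERMISSIONS) return -1; /* other fields are out of scope here */
    if (!(flags & ATTR_PERMISSIONS)) { *mode = SAFE_MODE(dflt); return 0; }
    if (len < 8) return -1;                   /* flag set but mode field missing */
    *mode = SAFE_MODE(get_u32(in + 4));
    return 0;
}

/* Constructed round trip: the mode a server applies for a client request. */
uint32_t applied_mode(int has_mode, uint32_t requested) {
    uint8_t buf[8]; uint32_t mode = 0xFFFFFFFFu;
    size_t n = encode_attrs(buf, sizeof buf, has_mode ? &requested : NULL);
    if (decode_safe_mode(buf, n, 0644, &mode) != 0) return 0xFFFFFFFFu;
    return mode;
}
```

A regression test for this kind of fix should request a mode such as `04755` over the wire and then check the resulting mode on disk, since the masking has to hold on every path that sets permissions.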
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #999
Scan targets checked: wolfssh-bugs, wolfssh-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
8cd91d6 to 73104a1
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #999
Scan targets checked: wolfssh-bugs, wolfssh-src
Findings: 2
2 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
73104a1 to fda9451
fda9451 to f56ff01
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #999
Scan targets checked: wolfssh-bugs, wolfssh-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
This PR adds the following changes:
Addressed by f_4719.