Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

scp, ssh commands: hide the real fs path on errors

Browse Source 
The underlying filesystem errors for permissions and non-existing files
can contain the real storage path.
Map these errors to more generic ones to avoid to leak this info

Fixes #109
This commit is contained in:
Nicola Murino
2020-04-22 12:26:18 +02:00
parent 4f668bf558
commit 0a47412e8c
3 changed files with 47 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
sftpd/ssh_cmd.go
View File

@@ -422,8 +422,19 @@ func (c *sshCommand) getDestPath() string {
return result
}
// we try to avoid to leak the real filesystem path here
func (c *sshCommand) getMappedError(err error) error {
if c.connection.fs.IsNotExist(err) {
return errors.New("no such file or directory")
}
if c.connection.fs.IsPermission(err) {
return errors.New("permission denied")
}
return err
}
func (c *sshCommand) sendErrorResponse(err error) error {
errorString := fmt.Sprintf("%v: %v %v\n", c.command, c.getDestPath(), err)
errorString := fmt.Sprintf("%v: %v %v\n", c.command, c.getDestPath(), c.getMappedError(err))
c.connection.channel.Write([]byte(errorString))
c.sendExitStatus(err)
return err