Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

ssh commands: send a generic error for unexpected failures

Browse Source 
and log the real error, it could leak a filesystem path
This commit is contained in:
Nicola Murino
2020-06-29 18:53:33 +02:00
parent 4814786556
commit dd593b1035
2 changed files with 31 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
sftpd/internal_test.go
View File

@@ -2163,3 +2163,28 @@ func TestRecursiveCopyErrors(t *testing.T) {
err = sshCmd.checkRecursiveCopyPermissions("adir", "another", "/another") err = sshCmd.checkRecursiveCopyPermissions("adir", "another", "/another")
assert.Error(t, err) assert.Error(t, err)
} }
func TestSSHMappedError(t *testing.T) {
user := dataprovider.User{
HomeDir: os.TempDir(),
}
fs, err := user.GetFilesystem("123")
assert.NoError(t, err)
conn := Connection{
User: user,
fs: fs,
}
sshCommand := sshCommand{
command: "test",
connection: conn,
args: []string{},
}
err = sshCommand.getMappedError(os.ErrNotExist)
assert.EqualError(t, err, errNotExist.Error())
err = sshCommand.getMappedError(os.ErrPermission)
assert.EqualError(t, err, errPermissionDenied.Error())
err = sshCommand.getMappedError(os.ErrInvalid)
assert.EqualError(t, err, errGenericFailure.Error())
err = sshCommand.getMappedError(os.ErrNoDeadline)
assert.EqualError(t, err, errGenericFailure.Error())
}

9
sftpd/ssh_cmd.go
View File

@@ -32,6 +32,8 @@ const scpCmdName = "scp"
var ( var (
errQuotaExceeded = errors.New("denying write due to space limit") errQuotaExceeded = errors.New("denying write due to space limit")
errPermissionDenied = errors.New("Permission denied. You don't have the permissions to execute this command") errPermissionDenied = errors.New("Permission denied. You don't have the permissions to execute this command")
errNotExist = errors.New("no such file or directory")
errGenericFailure = errors.New("failure, this command cannot be executed")
errUnsupportedConfig = errors.New("command unsupported for this configuration") errUnsupportedConfig = errors.New("command unsupported for this configuration")
errSkipPermissionsCheck = errors.New("permission check skipped") errSkipPermissionsCheck = errors.New("permission check skipped")
) )
@@ -576,12 +578,13 @@ func cleanCommandPath(name string) string {
// we try to avoid to leak the real filesystem path here // we try to avoid to leak the real filesystem path here
func (c *sshCommand) getMappedError(err error) error { func (c *sshCommand) getMappedError(err error) error {
if c.connection.fs.IsNotExist(err) { if c.connection.fs.IsNotExist(err) {
return errors.New("no such file or directory") return errNotExist
} }
if c.connection.fs.IsPermission(err) { if c.connection.fs.IsPermission(err) {
return errors.New("permission denied") return errPermissionDenied
} }
return err c.connection.Log(logger.LevelDebug, logSenderSSH, "unhandled error for SSH command, a generic failure will be sent: %v", err)
return errGenericFailure
} }
func (c *sshCommand) getCopyPaths() (string, string, error) { func (c *sshCommand) getCopyPaths() (string, string, error) {