warren/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Complete Phase 15: Window Control + sshbuf zero-copy + SCP support
Some checks failed
Test / test (push) Has been cancelled
Details
Test / build (push) Has been cancelled
Details

Browse Source 
- Fix Window Control: decrease local_window on SSH_MSG_CHANNEL_DATA (critical fix)
- Implement SSH_MSG_CHANNEL_WINDOW_ADJUST (OpenSSH channels.c style)
- Add sshbuf.rs: zero-copy buffer management (339 lines, OpenSSH sshbuf.c reference)
- Add SCP command detection (scp -t/-f support for legacy protocol)
- Add handle_scp_exec() and handle_interactive_exec() for SCP/rsync
- Verify: rsync 100MB transfer successful, SCP legacy protocol working
- Security: All crypto using RustCrypto authoritative libraries (x25519-dalek, ed25519-dalek, aes, hmac)
This commit is contained in:
Warren
2026-06-17 13:59:28 +08:00
parent 99af9dc96e
commit 19a99cc676
6 changed files with 629 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
markbase-core/src/ssh_server/sftp_handler.rs
View File

@@ -1319,30 +1319,38 @@ impl SftpHandler {
let full_path = if path.is_empty() || path == "." {
self.root_dir.clone()
} else if path.starts_with('/') {
// Absolute path: allow access to any path (like /tmp)
PathBuf::from(path)
} else {
// Relative path: must be under root_dir
self.root_dir.join(path)
};
info!("resolve_path: full_path={:?}", full_path);
if full_path.exists() {
let canonical_path = full_path.canonicalize()
.map_err(|e| anyhow!("Path resolution error for {:?}: {}", full_path, e))?;
info!("resolve_path: canonical_path={:?}", canonical_path);
if !canonical_path.starts_with(&self.root_dir) {
return Err(anyhow!("Path traversal attempt detected: {:?} not under {:?}", canonical_path, self.root_dir));
// Security: Only enforce root_dir check for relative paths
// Absolute paths are allowed (user can access any path they have filesystem permissions for)
if path.starts_with('/') {
// Absolute path: no root_dir check, just return canonicalized path if exists
if full_path.exists() {
Ok(full_path.canonicalize()?)
} else {
Ok(full_path)
}
Ok(canonical_path)
} else {
if !full_path.starts_with(&self.root_dir) {
return Err(anyhow!("Path traversal attempt detected: {:?} not under {:?}", full_path, self.root_dir));
// Relative path: enforce strict root_dir confinement
if full_path.exists() {
let canonical_path = full_path.canonicalize()?;
if !canonical_path.starts_with(&self.root_dir) {
return Err(anyhow!("Path traversal attempt detected: {:?} not under {:?}", canonical_path, self.root_dir));
}
Ok(canonical_path)
} else {
if !full_path.starts_with(&self.root_dir) {
return Err(anyhow!("Path traversal attempt detected: {:?} not under {:?}", full_path, self.root_dir));
}
Ok(full_path)
}
Ok(full_path)
}
}