wolfSSL
wolfSSH_SFTP_SendReadPacket does not discard remaining data on request ID mismatc
Problem Description:
In the function wolfSSH_SFTP_SendReadPacket, when state->reqId != ssh->reqId is true (i.e., the request ID in the response does not match the expected request ID), the function only returns WS_FATAL_ERROR without clearing or discarding the remaining data in the response buffer. This may cause subsequent SFTP operations to parse the wrong data, leading to protocol desynchronization or errors.
Suggested Fix:
When detecting a request ID mismatch, the function should read and discard the remaining data of the current response to ensure the stream stays in sync, before returning the error.
Hi @LIYAOHAN,
Thank you for the report! I was reviewing this and did initially opt for simplicity when first adding SFTP support. To only handle ID's that are in sync not out of order. The RFC does specify that they can be received out of order though. I think dropping the packet might work for a special case but is not the right solution, wolfSSH should be storing out of order SFTP packets and processing them with the matching request to handle out of order packets. This unfortunately adds complexity and would likely take me some time to get to (other work items in process are ahead of it).
How urgent is this addition (is it blocking you?) and have you hit a case with using wolfSSH that the out of order packets becomes an issue? It should be processing them in sync. one request and then wait for the response.
@JacobBarthelmeh Thanks for looking into it! It would be great if this could be addressed eventually, we’re not in a critical situation at the moment