-
Notifications
You must be signed in to change notification settings - Fork 527
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libssh2_sftp_close_handle and LIBSSH2_ERROR_EAGAIN #690
Comments
I noticed that
|
If you're running in non-blocking mode with a timeout set, the timeout isn't being hit? |
For non-blocking mode, sftp_close_handle will always return do {
time_t entry_time = time(((void *) 0));
do {
rc = sftp_close_handle(hnd);
if ((rc != LIBSSH2_ERROR_EAGAIN) || !hnd->sftp->channel->session->api_block_mode)break;
rc = _libssh2_wait_socket(hnd->sftp->channel->session, entry_time);
}
while (!rc);
} |
Where inside of |
In our environment, most of time it is After noting that |
Describe the bug
When encountering a weird SFTP server, which refused to respond to our request, currently there is no way to cleanup local resources.
Expected behavior
If a user-provided timeout triggers and we have not finished client-server interaction, the user should have option to forcefully cleanup all local resources regardless of server behavior.
Version (please complete the following information):
This is a very old issue first reported 2008: https://marc.info/?l=libssh2-devel&m=121498802311288&w=4
Additional context
As mentioned curl/curl#8632 (comment), this issue has been raised multiple times.
libcurl did provide a workaround for sftp hang (curl/curl@fa34353), but did not address the resource leak issue.
NOTE
If the client keep trying to reconnect to these weird servers, this can be viewed as Server-Initiated DOS vulnerability, because finally the unfortunate client will leak all its available memory.
The text was updated successfully, but these errors were encountered: