npm - @electerm/ssh2 - Versions diffs - 1.18.1 → 1.19.0 - Mend

@electerm/ssh2 1.18.1 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/client.js CHANGED Viewed

@@ -244,7 +244,7 @@ class Client extends EventEmitter {
                                        ? cfg.debug
                                        : undefined);
-    this.config.sftpEncoding = cfg.sftpEncoding || 'utf8';
+    this.config.encode = cfg.encode || 'utf8';
     if (cfg.agentForward === true && !this.config.allowAgentFwd) {
       throw new Error(
@@ -606,7 +606,7 @@ class Client extends EventEmitter {
           };
           const instance = (
             isSFTP
-            ? new SFTP(this, chanInfo, { debug, encoding: this.config.sftpEncoding })
+            ? new SFTP(this, chanInfo, { debug, encoding: this.config.encode })
             : new Channel(this, chanInfo)
           );
           this._chanMgr.update(info.recipient, instance);

package/lib/protocol/SFTP.js CHANGED Viewed

@@ -115,6 +115,7 @@ const SERVER_VERSION_BUFFER = Buffer.from([
 const RE_OPENSSH = /^SSH-2.0-(?:OpenSSH|dropbear)/;
 const OPENSSH_MAX_PKT_LEN = 256 * 1024;
+const IMPOSSIBLE_PKT_LEN = 10 * 1024 * 1024; // 10MB - if packet length is larger, it's likely garbage
 const bufferParser = makeBufferParser();
@@ -218,6 +219,17 @@ class SFTP extends EventEmitter {
         if (this._pktLen === 0)
           return doFatalSFTPError(this, 'Invalid packet length');
         if (this._pktLen > this._maxInPktLen) {
+          if (this._pktLen > IMPOSSIBLE_PKT_LEN) {
+            // Likely garbage data (e.g., text output from shell initialization)
+            // Reset parser state and continue
+            this._pktLenBytes = 0;
+            this._pktLen = 0;
+            this._pktPos = 0;
+            this._pktType = 0;
+            this._pktData = undefined;
+            this._pkt = undefined;
+            continue;
+          }
           const max = this._maxInPktLen;
           return doFatalSFTPError(
             this,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@electerm/ssh2",
-  "version": "1.18.1",
+  "version": "1.19.0",
   "author": "Brian White <mscdex@mscdex.net>",
   "description": "SSH2 client and server modules written in pure JavaScript for node.js",
   "main": "./lib/index.js",