From d3ae0aaad3d00866a7daad5bb94b324e16845f07 Mon Sep 17 00:00:00 2001
From: Klaus Post <klauspost@gmail.com>
Date: Fri, 31 May 2024 14:28:07 -0700
Subject: [PATCH] Add max buffering to SFTP (#19848)

Prevent OOM by adversarial use of SFTP upload by setting a 100MB max upload buffer.
---
 cmd/sftp-server-driver.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cmd/sftp-server-driver.go b/cmd/sftp-server-driver.go
index 23f8c1a83..f28e15dfc 100644
--- a/cmd/sftp-server-driver.go
+++ b/cmd/sftp-server-driver.go
@@ -39,6 +39,10 @@ import (
 	"golang.org/x/crypto/ssh"
 )
 
+// Maximum write offset for incoming SFTP blocks.
+// Set to 100MiB to prevent hostile DOS attacks.
+const ftpMaxWriteOffset = 100 << 20
+
 type sftpDriver struct {
 	permissions *ssh.Permissions
 	endpoint    string
@@ -269,6 +273,9 @@ func (w *writerAt) WriteAt(b []byte, offset int64) (n int, err error) {
 		n, err = w.w.Write(b)
 		w.nextOffset += int64(n)
 	} else {
+		if offset > w.nextOffset+ftpMaxWriteOffset {
+			return 0, fmt.Errorf("write offset %d is too far ahead of next offset %d", offset, w.nextOffset)
+		}
 		w.buffer[offset] = make([]byte, len(b))
 		copy(w.buffer[offset], b)
 		n = len(b)