Issue 2247 – Limiting SFTP version to 3 with non-well-known SFTP servers as a workaround for interoperability issues

https://winscp.net/tracker/2247

Source commit: e8d26c68291db0390bae63e57c01f81200caff04

source/core/SessionData.cpp

@@ -307,7 +307,7 @@ void __fastcall TSessionData::DefaultSettings()
   SFTPDownloadQueue = 32;
   SFTPUploadQueue = 64;
   SFTPListingQueue = 2;
-  SFTPMaxVersion = ::SFTPMaxVersion;
+  SFTPMaxVersion = SFTPMaxVersionAuto;
   SFTPMaxPacketSize = 0;
   SFTPRealPath = asAuto;
   UsePosixRename = false;

source/core/SessionData.h

@@ -40,6 +40,7 @@ enum TTlsVersion { ssl2 = 2, ssl3 = 3, tls10 = 10, tls11 = 11, tls12 = 12, tls13
 // has to match libs3 S3UriStyle
 enum TS3UrlStyle { s3usVirtualHost, s3usPath };
 enum TSessionSource { ssNone, ssStored, ssStoredModified };
+const int SFTPMaxVersionAuto = -1;
 enum TSessionUrlFlags
 {
   sufSpecific = 0x01,

source/core/SftpFileSystem.cpp

@@ -161,6 +161,7 @@
 #define OGQ_LIST_GROUPS 0x02
 //---------------------------------------------------------------------------
 const int SFTPMinVersion = 0;
+const int SFTPStandardVersion = 3;
 const int SFTPMaxVersion = 6;
 const unsigned int SFTPNoMessageNumber = static_cast<unsigned int>(-1);
 
@@ -3037,6 +3038,20 @@ void __fastcall TSFTPFileSystem::DoStartup()
   FFileSystemInfoValid = false;
   TSFTPPacket Packet(SSH_FXP_INIT);
   int MaxVersion = FTerminal->SessionData->SFTPMaxVersion;
+  if (MaxVersion == SFTPMaxVersionAuto)
+  {
+    TSshImplementation SshImplementation = FSecureShell->SshImplementation;
+    if ((SshImplementation == sshiOpenSSH) || (SshImplementation == sshiProFTPD) || (SshImplementation == sshiBitvise))
+    {
+      MaxVersion = SFTPMaxVersion;
+      FTerminal->LogEvent(FORMAT(L"Well known server, allowing SFTP version %d.", (MaxVersion)));
+    }
+    else
+    {
+      MaxVersion = SFTPStandardVersion;
+      FTerminal->LogEvent(FORMAT(L"Not well known server, limiting to safe SFTP version %d.", (MaxVersion)));
+    }
+  }
   if (MaxVersion > SFTPMaxVersion)
   {
     MaxVersion = SFTPMaxVersion;

source/core/SftpFileSystem.h

@@ -11,7 +11,6 @@ class TSecureShell;
 class TEncryption;
 //---------------------------------------------------------------------------
 enum TSFTPOverwriteMode { omOverwrite, omAppend, omResume };
-extern const int SFTPMaxVersion;
 //---------------------------------------------------------------------------
 class TSFTPFileSystem : public TCustomFileSystem
 {

source/forms/SiteAdvanced.cpp

@@ -199,7 +199,14 @@ void __fastcall TSiteAdvancedDialog::LoadSession()
     AllowScpFallbackCheck->Checked = (FSessionData->FSProtocol == fsSFTP);
     UsePosixRenameCheck->Checked = FSessionData->UsePosixRename;
 
-    SFTPMaxVersionCombo->ItemIndex = FSessionData->SFTPMaxVersion;
+    if (FSessionData->SFTPMaxVersion < 0)
+    {
+      SFTPMaxVersionCombo->ItemIndex = 0;
+    }
+    else
+    {
+      SFTPMaxVersionCombo->ItemIndex = FSessionData->SFTPMaxVersion + 1;
+    }
 
     ComboAutoSwitchLoad(SFTPRealPathCombo, FSessionData->SFTPRealPath);
     #define LOAD_SFTP_BUG_COMBO(BUG) \
@@ -617,7 +624,14 @@ void __fastcall TSiteAdvancedDialog::SaveSession(TSessionData * SessionData)
 
   // SFTP page
   SessionData->SftpServer = (IsDefaultSftpServer() ? UnicodeString() : SftpServerEdit->Text);
-  SessionData->SFTPMaxVersion = SFTPMaxVersionCombo->ItemIndex;
+  if (SFTPMaxVersionCombo->ItemIndex == 0)
+  {
+    SessionData->SFTPMaxVersion = SFTPMaxVersionAuto;
+  }
+  else
+  {
+    SessionData->SFTPMaxVersion = SFTPMaxVersionCombo->ItemIndex - 1;
+  }
   if (AllowScpFallbackCheck->Checked != (SessionData->FSProtocol == fsSFTP))
   {
     if (AllowScpFallbackCheck->Checked)

source/forms/SiteAdvanced.dfm

@@ -644,6 +644,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
             Anchors = [akTop, akRight]
             TabOrder = 1
             Items.Strings = (
+              'Auto'
               '0'
               '1'
               '2'