This bug only applies to SFTP protocol version 4. Version 3 is still the most common version, as OpenSSH implements it.
When SUBSECOND_TIMES are used in the ATTRS data structure in the wire protocol, WinSCP 3.5.6 does not handle the parsing of the packet correctly.
It tries to read the nanoseconds for the ACCESS, MODIFY and CREATE time stamps, regardless of whether there actually are ACCESS, MODIFY and CREATE times in the ATTRS structure.
The source now:
    if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
    {
      File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
    }
    if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
    {
      GetCardinal(); // skip access time subseconds
    }
    if (Flags & SSH_FILEXFER_ATTR_CREATETIME)
    {
      GetInt64(); // skip create time
    }
    if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
    {
      GetCardinal(); // skip create time subseconds
    }
    if (Flags & SSH_FILEXFER_ATTR_MODIFYTIME)
    {
      File->Modification = UnixToDateTime((unsigned long)GetInt64());
    }
    if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
    {
      GetCardinal(); // skip modification time subseconds
    }
It should be:
    if (Flags & SSH_FILEXFER_ATTR_ACCESSTIME)
    {
      File->LastAccess = UnixToDateTime((unsigned long)GetInt64());
      if (Flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES)
      {
        GetCardinal(); // skip access time subseconds
      }
    }
etc.
I'm actually implementing an SFTP server that supports protocol versions 4 and 5; there aren't too many of those around, which is probably why the bug hasn't been discovered yet.
- Erwin
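
Added example, not part of the original post and not WinSCP code: a stand-alone parser for the three time fields that runs both orderings from the report over one constructed buffer, so the loss of alignment is visible. `Reader`, `Times`, `parse_times` and `sample` are hypothetical names, the flag values are those of the SFTP version 4 draft, and the buffer is assumed to hold only the time fields of an ATTRS block.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Flag values as defined in the SFTP version 4 draft (draft-ietf-secsh-filexfer-04).
const uint32_t ATTR_ACCESSTIME = 0x008, ATTR_CREATETIME = 0x010,
               ATTR_MODIFYTIME = 0x020, ATTR_SUBSECOND_TIMES = 0x100;

struct Reader {  // hypothetical bounds-checked big-endian cursor
    const std::vector<uint8_t>& buf;
    size_t pos; bool ok;
    explicit Reader(const std::vector<uint8_t>& b) : buf(b), pos(0), ok(true) {}
    uint64_t get(size_t n) {
        if (!ok || buf.size() - pos < n) { ok = false; return 0; }
        uint64_t v = 0;
        while (n--) v = (v << 8) | buf[pos++];
        return v;
    }
};

struct Times { bool ok; int64_t atime, crtime, mtime; size_t consumed; };

// nested == false: nanoseconds read whenever SUBSECOND_TIMES is set (reported behaviour).
// nested == true:  nanoseconds read only after a time field that is present (the fix).
Times parse_times(const std::vector<uint8_t>& buf, uint32_t flags, bool nested) {
    Reader r(buf);
    Times t = {};
    const uint32_t kind[3] = {ATTR_ACCESSTIME, ATTR_CREATETIME, ATTR_MODIFYTIME};
    int64_t* out[3] = {&t.atime, &t.crtime, &t.mtime};
    const bool sub = (flags & ATTR_SUBSECOND_TIMES) != 0;
    for (int i = 0; i < 3; i++) {
        const bool present = (flags & kind[i]) != 0;
        if (present) *out[i] = (int64_t)r.get(8);
        if (sub && (present || !nested)) r.get(4);  // skip nanoseconds
    }
    t.ok = r.ok; t.consumed = r.pos;
    return t;
}

// Constructed sample: only the time fields of an ATTRS block sent with
// MODIFYTIME | SUBSECOND_TIMES: mtime = 1100000000, nanoseconds = 500000000.
std::vector<uint8_t> sample() {
    return {0, 0, 0, 0, 0x41, 0x90, 0xAB, 0x00, 0x1D, 0xCD, 0x65, 0x00};
}

int main() {
    Times t = parse_times(sample(), ATTR_MODIFYTIME | ATTR_SUBSECOND_TIMES, true);
    return (t.ok && t.mtime == 1100000000) ? 0 : 1;
}
```

With `nested == false` the two unconditional 4-byte skips consume the modification time itself, so the following 8-byte read runs past the data; when all three time flags are set, both orderings consume the same 36 bytes, which is why the problem only shows with partial time sets.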