Excetion "java.lang.ArrayIndexOutOfBoundsException" was thrown during connection

[vyu-talend]

Hello, After I upgrade the jsch jar from 0.1.55 to 0.2.1, I got this error： java.lang.ArrayIndexOutOfBoundsException: arraycopy: last source index 262220 out of bounds for byte[20480] at java.base/java.lang.System.arraycopy(Native Method) at com.jcraft.jsch.Buffer.getByte(Buffer.java:148) at com.jcraft.jsch.Buffer.getString(Buffer.java:188) at com.jcraft.jsch.Session.read(Session.java:1262) at com.jcraft.jsch.Session.connect(Session.java:337) at com.jcraft.jsch.Session.connect(Session.java:194) at local_project.sftptest_0_1.sftpTest.tFTPConnection_2Process(sftpTest.java:570) at local_project.sftptest_0_1.sftpTest.runJobInTOS(sftpTest.java:1252) at local_project.sftptest_0_1.sftpTest.main(sftpTest.java:951)

This is my logs Jsch_0.2.1_logs.txt

I've read the issue #228, and the suggestion is execute JSch.setConfig("kex", ...) method a single time. And I do have the method in my codes execute many times, like this: com.jcraft.jsch.JSch.setConfig("kex", "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256"); com.jcraft.jsch.JSch.setConfig("server_host_key", "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256"); com.jcraft.jsch.JSch.setConfig("cipher.s2c", "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com"); com.jcraft.jsch.JSch.setConfig("cipher.c2s", "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com"); com.jcraft.jsch.JSch.setConfig("mac.s2c", "hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512"); com.jcraft.jsch.JSch.setConfig("mac.c2s","hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512");

The reason that I add those algorithms is because I need to keep my applications works fine after I upgrade the jsch.jar from 0.1.55 to 0.2.1. After my testing, it solved lot of issues like "Algorithms negotiation failed".

Do you have any idea how to solve this error? If my approach to keep previous applications works fine is not the best, do you have suggestion about it? Thanks in advanced!

[norrisjeremy]

Hi @vyu-talend,

I suspect you are hitting a bug with the server software (XLight FTP Server version 3.8.3.6.2). According to their release notes, they denote the following bugfix in their 3.8.8.5 release:

Fixed a bug in selecting group size for SSH Diffie-Hellman Group Exchange.

The exception being thrown occurs while JSch is attempting to process an SSH_MSG_DISCONNECT that the server is sending back (see Session.java:1262).

I'm not sure what exactly the nature of their bug is, but if you are unable to upgrade the server software, then you probably will need to remove the diffie-hellman-group-exchange-sha1 KEX algorithm from your JSch config (or put it after diffie-hellman-group1-sha1).

Thanks, Jeremy

[norrisjeremy]

Hi @vyu-talend,

Another idea would be to try adding this and see if it allows JSch to connect to this server:

JSch.setConfig("dhgex_min", "1024");

Thanks, Jeremy

[vyu-talend]

Hi @norrisjeremy, Thanks a lot. All of the approaches you mentioned above work fine.

[OLeh125]

I also face similar issue I assume after adding @Produces @RequestScoped protected JSch jsch() { JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa"); JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa"); return new JSch(); } here is logs and I use And maybe you know why it works from time to time?

[OLeh125]

looks like it's because I use @RequestScoped and it continue to add ",ssh-rsa" which eventually cause this issue. Could you confirm?

[norrisjeremy]

What would lead you to believe that repeatedly calling JSch.setConfig() and continually appending ,ssh-rsa to the end of these config strings is safe? You need to make sure to not do that.

[Boranget]

应该是因为把协议的添加 JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa");JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa"); 放到循环里或者方法里了，这是一个类变量，所以每次添加都会添加到类全局，直到超出长度限制。 that may because excuse JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa");JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");many times， the config is a Class variable, so it will be added everytime, until out of the length limit.

[vyu-talend]

应该是因为把协议的添加 JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa");JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa"); 放到循环里或者方法里了，这是一个类变量，所以每次添加都会添加到类全局，直到超出长度限制。 that may because excuse JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa");JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");many times， the config is a Class variable, so it will be added everytime, until out of the length limit.

没准是