search

ymnk / jsch-agent-proxy

Other
70 stars 41 forks source link

ArrayIndexOutOfBoundsException handling signatures by 4096-bit keys #8

Closed charles-dyfis-net closed 11 years ago

charles-dyfis-net commented 11 years ago

I have an end-user report of the following error occurring during communication between jsch and ssh-agent (the latter provided by openssh 5.9p1-5ubuntu1.1).

java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at com.jcraft.jsch.agentproxy.Buffer.putByte(Buffer.java:55)
at com.jcraft.jsch.agentproxy.Buffer.putString(Buffer.java:63)
at com.jcraft.jsch.agentproxy.Buffer.putString(Buffer.java:59)
at com.jcraft.jsch.agentproxy.AgentProxy.sign(AgentProxy.java:127)
at com.jcraft.jsch.agentproxy.RemoteIdentityRepository$1.getSignature(RemoteIdentityRepository.java:61)
at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:183)
at com.jcraft.jsch.Session.connect(Session.java:442)
at com.jcraft.jsch.Session.connect(Session.java:162)
at org.apache.ivy.plugins.repository.ssh.SshCache.getSession(SshCache.java:372)

After some investigation, it appears that the user in question has a 4096-bit key; this differentiates them from the folks for whom this infrastructure is working without flaw (who are to my knowledge all using default 2048-bit keys).

Perhaps the default 20K buffer is too small?

charles-dyfis-net commented 11 years ago

On further investigation -- when the Session class creates a Buffer, it's passing in a 1K array, thus providing much less space than the 20K default.

ymnk commented 11 years ago

I have confirmed that the commit https://github.com/ymnk/jsch-agent-proxy/commit/58ccf74bce134992e10ce52c70830ef4108ff5d6 will fix that problem. Could you try it?

charles-dyfis-net commented 11 years ago

This fix has been confirmed, both by myself and the user who initially reported the problem.

ymnk commented 11 years ago

Thank you for your feedback. We'll merge it to the master branch.

By the way, do you have a plan to share your work about ivy+jsch-agent-proxy with other ivy users?

charles-dyfis-net commented 11 years ago

The Ivy patch has been submitted to the ant dev list, and attached to the ticket at https://issues.apache.org/jira/browse/IVY-1421

charles-dyfis-net commented 11 years ago

Is a release incorporating this patch upcoming? I'm currently working on support for jsch-agent-proxy for the IDEA branch of SVNKit, and would prefer to use a branch with the issues resolved should there be a blessed/released build available.

ymnk commented 11 years ago

We will release the current version soon. I have recognized that IDEA is using JGit, which has adopted jsch, so your contributions for IDEA may be also good news for git users.

FYI, there is a bugzilla entry at https://bugs.eclipse.org/bugs/show_bug.cgi?id=179924 to support ssh-agent on Eclipse.