[ 
https://issues.apache.org/jira/browse/CAMEL-24098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Federico Mariani updated CAMEL-24098:
-------------------------------------
    Attachment: SftpCiphersGlobalJschConfigTest.java

> camel-ftp: SFTP ciphers/keyExchangeProtocols mutate global static JSch config 
> - cross-endpoint contamination and races
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-24098
>                 URL: https://issues.apache.org/jira/browse/CAMEL-24098
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-ftp
>    Affects Versions: 4.21.0
>            Reporter: Federico Mariani
>            Priority: Major
>              Labels: code-review
>         Attachments: SftpCiphersGlobalJschConfigTest.java
>
>
> h3. Problem
> {{SftpOperations.createSession}} (SftpOperations.java:233-244) applies the 
> {{ciphers}} and {{keyExchangeProtocols}} options via {{JSch.setConfig(...)}} 
> - which is *static and JVM-global* - on every (re)connect:
> {code:java}
> Hashtable<String, String> ciphers = new Hashtable<>();
> ciphers.put("cipher.s2c", sftpConfig.getCiphers());
> ciphers.put("cipher.c2s", sftpConfig.getCiphers());
> JSch.setConfig(ciphers);                          // static/global
> ...
> JSch.setConfig("kex", sftpConfig.getKeyExchangeProtocols());  // static/global
> {code}
> h3. Failure scenario
> (1) An endpoint setting {{ciphers=aes128-ctr}} permanently narrows the cipher 
> list for *every other* sftp endpoint in the JVM that did not configure 
> ciphers (and for any other library using JSch). (2) Two endpoints with 
> different {{ciphers}}/{{keyExchangeProtocols}} clobber each other - last 
> reconnect wins, so endpoint A's KEX can start failing after endpoint B 
> reconnects. (3) The write is unsynchronized across {{SftpOperations}} 
> instances (each has its own lock), racing concurrent {{Session.connect()}} 
> reads.
> h3. History
> Ciphers from CAMEL-4382 (2011); kex copied the pattern in CAMEL-16266 (2021). 
> Nothing suggests global mutation was deliberate: every other option in the 
> same method correctly uses per-session {{session.setConfig(...)}} 
> ({{server_host_key}}, {{PubkeyAcceptedAlgorithms}}, {{compression.*}}).
> h3. Suggested fix
> Use {{session.setConfig("cipher.s2c"/"cipher.c2s"/"kex", ...)}} after 
> {{jsch.getSession(...)}}, like the neighboring options - mechanical change.
> h3. Reproducer
> Attached failing JUnit test (place in 
> {{components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/}}).
>  Records {{JSch.getConfig("cipher.s2c")}}, creates a session for an endpoint 
> with {{ciphers=...}}, and asserts the global JSch defaults are unchanged - on 
> current main they were mutated (test restores them in cleanup).
> ----
> _This issue was researched and filed by Claude Code on behalf of [~croway] 
> (GitHub: Croway), as part of a deep code review of camel-file and camel-ftp. 
> A failing JUnit reproducer is attached; it fails deterministically on current 
> main (4.22.0-SNAPSHOT)._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to