Federico Mariani created CAMEL-24098:
----------------------------------------
Summary: camel-ftp: SFTP ciphers/keyExchangeProtocols mutate
global static JSch config - cross-endpoint contamination and races
Key: CAMEL-24098
URL: https://issues.apache.org/jira/browse/CAMEL-24098
Project: Camel
Issue Type: Bug
Components: camel-ftp
Affects Versions: 4.21.0
Reporter: Federico Mariani
Attachments: SftpCiphersGlobalJschConfigTest.java
h3. Problem
{{SftpOperations.createSession}} (SftpOperations.java:233-244) applies the
{{ciphers}} and {{keyExchangeProtocols}} options via {{JSch.setConfig(...)}} -
which is *static and JVM-global* - on every (re)connect:
{code:java}
Hashtable<String, String> ciphers = new Hashtable<>();
ciphers.put("cipher.s2c", sftpConfig.getCiphers());
ciphers.put("cipher.c2s", sftpConfig.getCiphers());
JSch.setConfig(ciphers); // static/global
...
JSch.setConfig("kex", sftpConfig.getKeyExchangeProtocols()); // static/global
{code}
h3. Failure scenario
(1) An endpoint setting {{ciphers=aes128-ctr}} permanently narrows the cipher
list for *every other* sftp endpoint in the JVM that did not configure ciphers
(and for any other library using JSch). (2) Two endpoints with different
{{ciphers}}/{{keyExchangeProtocols}} clobber each other - last reconnect wins,
so endpoint A's KEX can start failing after endpoint B reconnects. (3) The
write is unsynchronized across {{SftpOperations}} instances (each has its own
lock), racing concurrent {{Session.connect()}} reads.
h3. History
Ciphers from CAMEL-4382 (2011); kex copied the pattern in CAMEL-16266 (2021).
Nothing suggests global mutation was deliberate: every other option in the same
method correctly uses per-session {{session.setConfig(...)}}
({{server_host_key}}, {{PubkeyAcceptedAlgorithms}}, {{compression.*}}).
h3. Suggested fix
Use {{session.setConfig("cipher.s2c"/"cipher.c2s"/"kex", ...)}} after
{{jsch.getSession(...)}}, like the neighboring options - mechanical change.
h3. Reproducer
Attached failing JUnit test (place in
{{components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/}}).
Records {{JSch.getConfig("cipher.s2c")}}, creates a session for an endpoint
with {{ciphers=...}}, and asserts the global JSch defaults are unchanged - on
current main they were mutated (test restores them in cleanup).
----
_This issue was researched and filed by Claude Code on behalf of [~croway]
(GitHub: Croway), as part of a deep code review of camel-file and camel-ftp. A
failing JUnit reproducer is attached; it fails deterministically on current
main (4.22.0-SNAPSHOT)._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)