I have identified an issue with returning the List of default ciphers in com.sshtools.j2ssh.transport.cipher.SshCipherFactory. Similar classes such as com.sshtools.j2ssh.transport.hmac.SshHmacFactory and com.sshtools.j2ssh.transport.compression.SshCompressionFactory return a new List instance for default values. SshCipherFactory maintains a static reference.
During the connect process, the method SshMsgKexInit.sortAlgorithmList is called which modifies the list of default values. When multiple threads are connecting at the same time, it is possible for the list to return true when contains(Object) is called, but no longer have a reference when remove(Object) is called. As a result, an ArrayIndexOutOfBoundsException is thrown and no further connections can be established until the JVM is restarted.
I have changed the behavior of SshCipherFactory to match SshCompressionFactory and SshHmacFactory . In addition, I have attached a diff of changes I made to SshCipherFactory to resolve this issue.
Please let me know if you need any additional information.
Log in to post a comment.