#86 Substring in negotiateVersion() caused runtime exception

Current CVS
closed-accepted
J2SSH (50)
7
2014-12-29
2010-09-29
No

This issue occurred in version 0.2.7, but the responsible code is also present in 0.2.9

This happened in an application that had been successfully connecting to the same SFTP site for several months, approximately every five minutes. As a result of the bug, the app hung, but after restarting the app reconnected successfully.

In my code I call:

SshClient ssh = new SshClient();
ssh.connect(hostname, new IgnoreHostKeyVerification());

And I see the following in the log:

[Transport protocol f4] 2010-09-29 07:00:18.859 | TransportProtocolCommon | ERROR | The Transport Protocol thread failed
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1937)
at com.sshtools.j2ssh.transport.TransportProtocolCommon.negotiateVersion(Unknown Source)
at com.sshtools.j2ssh.transport.TransportProtocolCommon.run(Unknown Source)
at java.lang.Thread.run(Thread.java:619)

Based on other logging in my code, the call to connect() never returned, and no exception reached my code. From examining the j2ssh code, the substring failed in negotiateVersion() because the remoteVer string did not contain a second "-". Here are the important lines from TransportProtocolCommon:

// Get the index of the seperators
int l = remoteVer.indexOf("-");
int r = remoteVer.indexOf("-", l + 1);

// Get the version
String remoteVersion = remoteVer.substring(l + 1, r);

I recommending changing the last line to avoid the runtime exception:

String remoteVersion;
if ((l + 1 > remoteVer.length()) && (r > remoteVer.length()))
remoteVersion = remoteVer.substring(l + 1, r);
else
remoteVersion = "";

Cheers,
Greg Chabala
http://gregchabala.com/

Discussion

  • Greg Chabala

    Greg Chabala - 2011-01-12

    I've encountered this same issue again. I included a possible fix in the initial report, would a developer on this project please take a look?

    [Transport protocol a4] 2011-01-12 13:00:11.565 | TransportProtocolCommon | ERROR | The Transport Protocol thread failed
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.String.substring(String.java:1937)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.negotiateVersion(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)

     
  • Greg Chabala

    Greg Chabala - 2011-01-12
    • priority: 5 --> 7
    • assigned_to: nobody --> hunoldinho
     
  • Greg Chabala

    Greg Chabala - 2011-02-07

    This is targeted for release 0.2.10

     
  • Greg Chabala

    Greg Chabala - 2011-02-07
    • status: open --> pending-accepted
     
  • SourceForge Robot

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending-accepted --> closed-accepted
     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-06-30

    I ran into this problem also. This occurs when your password has expired on the server and it wants to force the user to change their password. I would recommend looking for this case and giving the user a more friendly exception.

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-06-30

    Where can we find the source code ?

     
    Last edit: Anonymous 2014-03-27
  • Nagarajan

    Nagarajan - 2014-12-29

    I am also facing this issue in my application. It occurs intermittently.
    What is the cause for the remoteVer string doesn't contains the expected character?

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks