Skip to content

Commit 82384f5

Browse files
acrylic-styleacrylic-style
committed
Prevent loading JndiLookup to patch CVE-2021-45046 
1 parent 215fadb commit 82384f5

File tree

12 files changed

+15
-817
lines changed

12 files changed

+15
-817
lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
<groupId>net.azisaba</groupId>
88
<artifactId>Log4j2Fix</artifactId>
9-
<version>1.0.3</version>
9+
<version>1.0.4</version>
1010

1111
<properties>
1212
<maven.compiler.source>8</maven.compiler.source>

src/main/java/net/azisaba/log4j2Fix/Log4j2Fix.java

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
import java.util.zip.ZipFile;
1818

1919
public class Log4j2Fix {
20+
private static boolean registered = false;
2021
private static String arg;
2122
private static Instrumentation inst;
2223

@@ -96,13 +97,14 @@ public static void premain(String args, Instrumentation instrumentation) throws
9697
}
9798

9899
public static void transformClasses() throws IOException {
99-
transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender", false);
100-
transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender$1", false);
101-
transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder", false);
102-
transformClass("org.apache.logging.log4j.core.net.JndiManager", false);
103-
transformClass("org.apache.logging.log4j.core.net.JndiManager$1", false);
104-
transformClass("org.apache.logging.log4j.core.net.JndiManager$JndiManagerFactory", false);
105-
transformClass("org.apache.logging.log4j.core.util.NetUtils", false);
100+
if (registered) return;
101+
registered = true;
102+
NativeUtil.registerClassLoadHook((classLoader, s, aClass, protectionDomain, bytes) -> {
103+
if ("org/apache/logging/log4j/core/lookup/JndiLookup".equals(s) || s.startsWith("org/apache/logging/log4j/core/lookup/JndiLookup$")) {
104+
sneakyThrow(new ClassNotFoundException());
105+
}
106+
return null;
107+
});
106108
if (Boolean.getBoolean("log4j2Fix.loadReflectionUtil")) {
107109
transformClass("org.apache.logging.log4j.util.ReflectionUtil", true);
108110
transformClass("org.apache.logging.log4j.util.ReflectionUtil$PrivateSecurityManager", true);
@@ -144,4 +146,9 @@ public static byte[] readAllBytes(InputStream in) throws IOException {
144146
}
145147
return baos.toByteArray();
146148
}
149+
150+
@SuppressWarnings("unchecked")
151+
public static <X extends Throwable> void sneakyThrow(Throwable throwable) throws X {
152+
throw (X) throwable;
153+
}
147154
}

src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$1.class

-267 Bytes
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$Builder.class

-8.67 KB
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender.class

-3.83 KB
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager$1.class

-249 Bytes
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class

-3.79 KB
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager.class

-8.93 KB
Binary file not shown.

src/main/resources/classes/org/apache/logging/log4j/core/util/NetUtils.class

-5.58 KB
Binary file not shown.

src/main/resources/sources/org/apache/logging/log4j/core/appender/mom/JmsAppender.java

Lines changed: 0 additions & 294 deletions
This file was deleted.

0 commit comments

Comments
 (0)