packages/log4j
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
log4j/CVE-2021-44832-pre.patch
wk333 9b69d4ab39 Fix CVE-2021-44832
2021-12-29 14:48:03 +08:00

50 lines
2.1 KiB
Diff
Raw Permalink Blame History

From 0a38c766b74260485b4427cfbe7b22952ab14a29 Mon Sep 17 00:00:00 2001
From: Carter Kozak <ckozak@apache.org>
Date: Wed, 22 Dec 2021 15:20:16 -0500
Subject: [PATCH] JNDI enablement properties are loaded at most once
Rather than checking properties after each invocation, jndi
properties are all read into static final boolean fields when
the JndiManager class is initialized, this way properties cannot
be mutated and refreshed at runtime, and checks are cheaper.
This format matches other log4j configuration points as set
in `Constants.java`.
---
.../org/apache/logging/log4j/core/net/JndiManager.java | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java
index d9d0c0b662..d73d4137b6 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java
@@ -42,6 +42,10 @@
private static final String PREFIX = "log4j2.enableJndi";
private static final String JAVA_SCHEME = "java";
+ private static final boolean JNDI_CONTEXT_SELECTOR_ENABLED = isJndiEnabled("ContextSelector");
+ private static final boolean JNDI_JMS_ENABLED = isJndiEnabled("Jms");
+ private static final boolean JNDI_LOOKUP_ENABLED = isJndiEnabled("Lookup");
+
private final InitialContext context;
private static boolean isJndiEnabled(final String subKey) {
@@ -53,15 +57,15 @@ public static boolean isJndiEnabled() {
}
public static boolean isJndiContextSelectorEnabled() {
- return isJndiEnabled("ContextSelector");
+ return JNDI_CONTEXT_SELECTOR_ENABLED;
}
public static boolean isJndiJmsEnabled() {
- return isJndiEnabled("Jms");
+ return JNDI_JMS_ENABLED;
}
public static boolean isJndiLookupEnabled() {
- return isJndiEnabled("Lookup");
+ return JNDI_LOOKUP_ENABLED;
}
private JndiManager(final String name, final InitialContext context) {
Reference in New Issue View Git Blame Copy Permalink