From 70345b5e5a6ad37399911194f0b746094061b399 Mon Sep 17 00:00:00 2001

From: Mikolaj Izdebski <mizdebsk@redhat.com>

Date: Wed, 2 Feb 2022 20:07:09 +0100

Subject: [PATCH] Fix CVE-2022-23302 JMSSink

---

 .../java/org/apache/log4j/net/JMSSink.java    | 153 ------------------

 1 file changed, 153 deletions(-)

 delete mode 100644 src/main/java/org/apache/log4j/net/JMSSink.java

diff --git a/src/main/java/org/apache/log4j/net/JMSSink.java b/src/main/java/org/apache/log4j/net/JMSSink.java

deleted file mode 100644

index 6a02831e..00000000

--- a/src/main/java/org/apache/log4j/net/JMSSink.java

+++ /dev/null

@@ -1,153 +0,0 @@

-/*

- * Licensed to the Apache Software Foundation (ASF) under one or more

- * contributor license agreements.  See the NOTICE file distributed with

- * this work for additional information regarding copyright ownership.

- * The ASF licenses this file to You under the Apache License, Version 2.0

- * (the "License"); you may not use this file except in compliance with

- * the License.  You may obtain a copy of the License at

- * 

- *      http://www.apache.org/licenses/LICENSE-2.0

- * 

- * Unless required by applicable law or agreed to in writing, software

- * distributed under the License is distributed on an "AS IS" BASIS,

- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

- * See the License for the specific language governing permissions and

- * limitations under the License.

- */

-

-package org.apache.log4j.net;

-

-import org.apache.log4j.Logger;

-import org.apache.log4j.PropertyConfigurator;

-import org.apache.log4j.spi.LoggingEvent;

-import org.apache.log4j.xml.DOMConfigurator;

-

-import javax.jms.JMSException;

-import javax.jms.ObjectMessage;

-import javax.jms.Session;

-import javax.jms.Topic;

-import javax.jms.TopicConnection;

-import javax.jms.TopicConnectionFactory;

-import javax.jms.TopicSession;

-import javax.jms.TopicSubscriber;

-import javax.naming.Context;

-import javax.naming.InitialContext;

-import javax.naming.NameNotFoundException;

-import javax.naming.NamingException;

-import java.io.BufferedReader;

-import java.io.InputStreamReader;

-

-/**

- * A simple application that consumes logging events sent by a {@link

- * JMSAppender}.

- *

- *

- * @author Ceki Gülcü 

- * */

-public class JMSSink implements javax.jms.MessageListener {

-

-  static Logger logger = Logger.getLogger(JMSSink.class);

-

-  static public void main(String[] args) throws Exception {

-    if(args.length != 5) {

-      usage("Wrong number of arguments.");

-    }

-    

-    String tcfBindingName = args[0];

-    String topicBindingName = args[1];

-    String username = args[2];

-    String password = args[3];

-    

-    

-    String configFile = args[4];

-

-    if(configFile.endsWith(".xml")) {

-      DOMConfigurator.configure(configFile);

-    } else {

-      PropertyConfigurator.configure(configFile);

-    }

-    

-    new JMSSink(tcfBindingName, topicBindingName, username, password);

-

-    BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));

-    // Loop until the word "exit" is typed

-    System.out.println("Type \"exit\" to quit JMSSink.");

-    while(true){

-      String s = stdin.readLine( );

-      if (s.equalsIgnoreCase("exit")) {

-	System.out.println("Exiting. Kill the application if it does not exit "

-			   + "due to daemon threads.");

-	return; 

-      }

-    } 

-  }

-

-  public JMSSink( String tcfBindingName, String topicBindingName, String username,

-		  String password) {

-    

-    try {

-      Context ctx = new InitialContext();

-      TopicConnectionFactory topicConnectionFactory;

-      topicConnectionFactory = (TopicConnectionFactory) lookup(ctx,

-                                                               tcfBindingName);

-

-      TopicConnection topicConnection =

-	                        topicConnectionFactory.createTopicConnection(username,

-									     password);

-      topicConnection.start();

-

-      TopicSession topicSession = topicConnection.createTopicSession(false,

-                                                       Session.AUTO_ACKNOWLEDGE);

-

-      Topic topic = (Topic)ctx.lookup(topicBindingName);

-

-      TopicSubscriber topicSubscriber = topicSession.createSubscriber(topic);

-    

-      topicSubscriber.setMessageListener(this);

-

-    } catch(JMSException e) {

-      logger.error("Could not read JMS message.", e);

-    } catch(NamingException e) {

-      logger.error("Could not read JMS message.", e);

-    } catch(RuntimeException e) {

-      logger.error("Could not read JMS message.", e);

-    }

-  }

-

-  public void onMessage(javax.jms.Message message) {

-    LoggingEvent event;

-    Logger remoteLogger;

-

-    try {

-      if(message instanceof  ObjectMessage) {

-	ObjectMessage objectMessage = (ObjectMessage) message;

-	event = (LoggingEvent) objectMessage.getObject();

-	remoteLogger = Logger.getLogger(event.getLoggerName());

-	remoteLogger.callAppenders(event);

-      } else {

-	logger.warn("Received message is of type "+message.getJMSType()

-		    +", was expecting ObjectMessage.");

-      }      

-    } catch(JMSException jmse) {

-      logger.error("Exception thrown while processing incoming message.", 

-		   jmse);

-    }

-  }

-

-

-  protected static Object lookup(Context ctx, String name) throws NamingException {

-    try {

-      return ctx.lookup(name);

-    } catch(NameNotFoundException e) {

-      logger.error("Could not find name ["+name+"].");

-      throw e;

-    }

-  }

-

-  static void usage(String msg) {

-    System.err.println(msg);

-    System.err.println("Usage: java " + JMSSink.class.getName()

-            + " TopicConnectionFactoryBindingName TopicBindingName username password configFile");

-    System.exit(1);

-  }

-}

-- 

2.33.1