Prevent loading JndiLookup to patch CVE-2021-45046

AzisabaNetwork · Dec 16, 2021 · 82384f5 · 82384f5
1 parent 215fadb
commit 82384f5
Show file tree

Hide file tree

Showing 12 changed files with 15 additions and 817 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>net.azisaba</groupId>
     <artifactId>Log4j2Fix</artifactId>
-    <version>1.0.3</version>
+    <version>1.0.4</version>
 
     <properties>
         <maven.compiler.source>8</maven.compiler.source>

diff --git a/src/main/java/net/azisaba/log4j2Fix/Log4j2Fix.java b/src/main/java/net/azisaba/log4j2Fix/Log4j2Fix.java
@@ -17,6 +17,7 @@
 import java.util.zip.ZipFile;
 
 public class Log4j2Fix {
+    private static boolean registered = false;
     private static String arg;
     private static Instrumentation inst;
 
@@ -96,13 +97,14 @@ public static void premain(String args, Instrumentation instrumentation) throws
     }
 
     public static void transformClasses() throws IOException {
-        transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender", false);
-        transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender$1", false);
-        transformClass("org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder", false);
-        transformClass("org.apache.logging.log4j.core.net.JndiManager", false);
-        transformClass("org.apache.logging.log4j.core.net.JndiManager$1", false);
-        transformClass("org.apache.logging.log4j.core.net.JndiManager$JndiManagerFactory", false);
-        transformClass("org.apache.logging.log4j.core.util.NetUtils", false);
+        if (registered) return;
+        registered = true;
+        NativeUtil.registerClassLoadHook((classLoader, s, aClass, protectionDomain, bytes) -> {
+            if ("org/apache/logging/log4j/core/lookup/JndiLookup".equals(s) || s.startsWith("org/apache/logging/log4j/core/lookup/JndiLookup$")) {
+                sneakyThrow(new ClassNotFoundException());
+            }
+            return null;
+        });
         if (Boolean.getBoolean("log4j2Fix.loadReflectionUtil")) {
             transformClass("org.apache.logging.log4j.util.ReflectionUtil", true);
             transformClass("org.apache.logging.log4j.util.ReflectionUtil$PrivateSecurityManager", true);
@@ -144,4 +146,9 @@ public static byte[] readAllBytes(InputStream in) throws IOException {
         }
         return baos.toByteArray();
     }
+
+    @SuppressWarnings("unchecked")
+    public static <X extends Throwable> void sneakyThrow(Throwable throwable) throws X {
+        throw (X) throwable;
+    }
 }
diff --git a/src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$1.class b/src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$1.class
diff --git a/...in/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$Builder.class b/...in/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender$Builder.class
diff --git a/src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender.class b/src/main/resources/classes/org/apache/logging/log4j/core/appender/mom/JmsAppender.class
diff --git a/src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager$1.class b/src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager$1.class
diff --git a/.../resources/classes/org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class b/.../resources/classes/org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class
diff --git a/src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager.class b/src/main/resources/classes/org/apache/logging/log4j/core/net/JndiManager.class
diff --git a/src/main/resources/classes/org/apache/logging/log4j/core/util/NetUtils.class b/src/main/resources/classes/org/apache/logging/log4j/core/util/NetUtils.class
diff --git a/src/main/resources/sources/org/apache/logging/log4j/core/appender/mom/JmsAppender.java b/src/main/resources/sources/org/apache/logging/log4j/core/appender/mom/JmsAppender.java