Workaround for log4j security exploits

IzzelAliz · Dec 10, 2021 · 1266a3a · 1266a3a
1 parent acd0971
commit 1266a3a
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java b/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java
@@ -10,6 +10,8 @@
 import org.objectweb.asm.ClassWriter;
 import org.objectweb.asm.MethodVisitor;
 import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.tree.ClassNode;
+import org.objectweb.asm.tree.InsnNode;
 
 import java.util.ServiceLoader;
 import java.util.function.Consumer;
@@ -25,6 +27,7 @@ public void accept(String[] args) {
         System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
         System.setProperty("log4j.jul.LoggerAdapter", "io.izzel.arclight.boot.log.ArclightLoggerAdapter");
         System.setProperty("log4j.configurationFile", "arclight-log4j2.xml");
+        this.hackLog4j();
         ArclightLocale.info("i18n.using-language", ArclightConfig.spec().getLocale().getCurrent(), ArclightConfig.spec().getLocale().getFallback());
         try {
             int javaVersion = (int) Float.parseFloat(System.getProperty("java.class.version"));
@@ -51,6 +54,29 @@ public void accept(String[] args) {
         }
     }
 
+    private void hackLog4j() {
+        try (var in = getClass().getClassLoader().getResourceAsStream("org/apache/logging/log4j/core/lookup/JndiLookup.class")) {
+            var cw = new ClassWriter(ClassWriter.COMPUTE_MAXS);
+            var cr = new ClassReader(in);
+            var node = new ClassNode();
+            cr.accept(node, 0);
+            for (var method : node.methods) {
+                if (method.name.equals("lookup")) {
+                    method.instructions.clear();
+                    method.instructions.add(new InsnNode(Opcodes.ACONST_NULL));
+                    method.instructions.add(new InsnNode(Opcodes.ARETURN));
+                    method.tryCatchBlocks.clear();
+                    method.localVariables.clear();
+                }
+            }
+            node.accept(cw);
+            var bytes = cw.toByteArray();
+            Unsafe.defineClass(cr.getClassName(), bytes, 0, bytes.length, getClass().getClassLoader(), getClass().getProtectionDomain());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     private void hackModlauncher() throws Exception {
         try (var in = getClass().getClassLoader().getResourceAsStream("cpw/mods/modlauncher/TransformerClassWriter$SuperCollectingVisitor.class")) {
             var cw = new ClassWriter(0);