Skip to content

Commit

Permalink
nested patching works now
Browse files Browse the repository at this point in the history
  • Loading branch information
@breadchris
breadchris committed Dec 27, 2021
1 parent 6e99190 commit 449f700
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions tools/log4shell/commands/patch.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,8 @@ func tail(s []string) []string {
}

func addFileToZip(zipWriter *zip.Writer, existingHeader zip.FileHeader, filename string) (err error) {
defer zipWriter.Flush()

fileToZip, err := os.Open(filename)
if err != nil {
log.Error().
Expand Down Expand Up @@ -224,6 +226,7 @@ func addFileToZip(zipWriter *zip.Writer, existingHeader zip.FileHeader, filename
Msg("Unable to create zip header")
return
}

_, err = io.Copy(writer, fileToZip)
if err != nil {
log.Error().
Expand Down Expand Up @@ -266,19 +269,20 @@ func filterOutJndiLookupFromZip(
if err != nil {
return
}
nestedZipWriter.Flush()

if zipWriter == nil {
filename = outZip.Name()
validOutputFile = true
return
}

nestedZipWriter.Close()
outZip.Close()

err = addFileToZip(zipWriter, existingHeader, outZip.Name())
if err != nil {
return
}
zipWriter.Flush()
return
}

Expand All @@ -288,6 +292,8 @@ func copyAndFilterFilesFromZip(
writer *zip.Writer,
nestedPaths []string,
) (err error) {
defer writer.Flush()

nestedPath := head(nestedPaths)
for _, member := range zipReader.File {
if member.Name == nestedPath {
Expand Down Expand Up @@ -333,6 +339,15 @@ func copyAndFilterFilesFromZip(
}

if member.FileInfo().IsDir() {
_, err = writer.Create(member.Name)
if err != nil {
log.Error().
Err(err).
Str("memberName", member.Name).
Str("member", fmt.Sprintf("%+v", member.FileHeader)).
Msg("Error while copying zip dir.")
return
}
continue
}

Expand Down
Binary file added tools/log4shell/test/vulnerable-apps/patched.jar
View file
Binary file not shown.
Binary file modified tools/log4shell/test/vulnerable-apps/vulnerable.jar
View file
Binary file not shown.

0 comments on commit 449f700

Please sign in to comment.