[
https://issues.apache.org/jira/browse/LOG4J2-2707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christian Frank closed LOG4J2-2707.
-----------------------------------
Verified with release 2.13.0
> ArrayIndexOutOfBoundsException in UuidUtil, when MAC address is longer than 6
> bytes
> -----------------------------------------------------------------------------------
>
> Key: LOG4J2-2707
> URL: https://issues.apache.org/jira/browse/LOG4J2-2707
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.12.1
> Reporter: Christian Frank
> Priority: Major
> Labels: easyfix
> Fix For: 2.13.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> *Problem:*
> There is a Bug in the UuidUtil class, which causes an
> ArrayIndexOutOfBoundsException, when the MAC address is longer than 6 bytes.
> Here's the code:
> {code:java}
> private static final int NODE_SIZE = 8;
> {code}
> {code:java}
> byte[] mac = NetUtils.getMacAddress();
> final Random randomGenerator = new SecureRandom();
> if (mac == null || mac.length == 0) {
> mac = new byte[6];
> randomGenerator.nextBytes(mac);
> }
> final int length = mac.length >= 6 ? 6 : mac.length;
> final int index = mac.length >= 6 ? mac.length - 6 : 0;
> final byte[] node = new byte[NODE_SIZE];
> node[0] = VARIANT;
> node[1] = 0;
> for (int i = 2; i < NODE_SIZE; ++i) {
> node[i] = 0;
> }
> System.arraycopy(mac, index, node, index + 2, length);
> {code}
> The problem is the System.arraycopy call, when the MAC address is longer
> than 6 bytes.
> Here's a table, with the different cases:
> ||mac.length||length||index||System.arraycopy||
> |0|0|0|System.arraycopy(mac, 0, node, 2, 0);|
> |1|1|0|System.arraycopy(mac, 0, node, 2, 1);|
> |2|2|0|System.arraycopy(mac, 0, node, 2, 2);|
> |3|3|0|System.arraycopy(mac, 0, node, 2, 3);|
> |4|4|0|System.arraycopy(mac, 0, node, 2, 4);|
> |5|5|0|System.arraycopy(mac, 0, node, 2, 5);|
> |6|6|0|System.arraycopy(mac, 0, node, 2, 6);|
> |7|6|1|System.arraycopy(mac, 1, node, 3, 6);|
> |8|6|2|System.arraycopy(mac, 2, node, 4, 6);|
> mac.length from 0 to 6 work fine.
> But for mac.length 7, 8 and above the System.arraycopy call will throw an
> ArrayIndexOutOfBoundsException, because it tries to write to positions on
> node array, which do not exist.
> For example for mac.length 8, the call would try to write to positions 8 and
> 9 on node, which do not exists, since node is 8 bytes.
>
> Here's the Stacktrace we encountered:
>
> {noformat}
> java.lang.ExceptionInInitializerError
> at
> org.apache.logging.log4j.core.util.WatchManager.<init>(WatchManager.java:53)
> at
> org.apache.logging.log4j.core.config.AbstractConfiguration.<init>(AbstractConfiguration.java:135)
> at
> org.apache.logging.log4j.core.config.NullConfiguration.<init>(NullConfiguration.java:32)
> at
> org.apache.logging.log4j.core.LoggerContext.<clinit>(LoggerContext.java:85)
> at
> org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:179)
> at
> org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:153)
> at
> org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:82)
> at
> org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:170)
> at
> org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:86)
> at
> org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:67)
> [...]
> Caused by: java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Native Method)
> at
> org.apache.logging.log4j.core.util.UuidUtil.<clinit>(UuidUtil.java:81)
> ... 13 more{noformat}
>
> *Solution:*
> The code can be fixed by always using 2 for destPos:
> {code:java}
> System.arraycopy(mac, index, node, 2, length);
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
