[jira] [Commented] (LOG4J2-3230) Certain strings can cause infinite recursion

Thu, 16 Dec 2021 15:15:06 -0800 


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461118#comment-17461118
 ] 

Jon Bristow commented on LOG4J2-3230:
-------------------------------------

Created a sample project that I believe reproduces this behavior.

(Results of testing in 2.8, 2.14.0, and 2.16.0)

 

In 2.16.0:
 * if the suspect string is put in the PatternLayout, then that specific 
patternLayout will crash when loaded and replace itself with a PatternLayout 
that just logs what is handed to it with no formatting
 *  logging the suspect string seems to have no affect, and it is passed 
untransformed to both System.Out or the file I specified as expected.

in 2.14.0 and 2.8
 * The PatternLayout behaves the same as 2.16.0
 * logging the suspect string generates an exception in Log4j, and the intended 
log message is lost.
 * Basic program flow does not seem to be affected. Log statements NOT 
including the suspect string are logged normally both before and after the 
suspect string generates the exceptions.

 

Example Code Used:[^sample.tar.gz]

Error seen in console: (not logged)
{code:java}
2021-12-16 15:07:39,406 main ERROR Could not create plugin of type class 
org.apache.logging.log4j.core.layout.PatternLayout for element PatternLayout: 
java.lang.IllegalStateException: Infinite loop in property interpolation of 
::-${::-$${::-j}}: : java.lang.IllegalStateException: Infinite loop in property 
interpolation of ::-${::-$${::-j}}: :
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.checkCyclicSubstitution(StrSubstitutor.java:1081)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1029)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1042)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:978)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:978)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
    at 
org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:467)
    at 
org.apache.logging.log4j.core.config.plugins.visitors.PluginBuilderAttributeVisitor.visit(PluginBuilderAttributeVisitor.java:48)
    at 
org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.injectFields(PluginBuilder.java:185)
    at 
org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:121)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:1107)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:1032)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:1024)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:1024)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:643)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:243)
    at 
org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:289)
    at 
org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:626)
    at 
org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:699)
    at 
org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:716)
    at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:270)
    at 
org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:155)
    at 
org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
    at org.apache.logging.log4j.LogManager.getContext(LogManager.java:196)
    at org.apache.logging.log4j.LogManager.getLogger(LogManager.java:599)
    at net.jondotcomdotorg.TestDOS.<clinit>(TestDOS.java:7)
{code}

> Certain strings can cause infinite recursion
> --------------------------------------------
>
>                 Key: LOG4J2-3230
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3230
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.8, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.10.0, 2.11.0, 2.11.1, 
> 2.11.2, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.14.0, 2.13.3, 2.14.1, 
> 2.15.0, 2.16.0
>            Reporter: Ross Cohen
>            Assignee: Carter Kozak
>            Priority: Major
>         Attachments: sample.tar.gz
>
>
> If a string substitution is attempted for any reason on the following string, 
> it will trigger an infinite recursion, and the application will crash: 
> ${${::\-${::\-$${::\-j}}}}.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to