全局屏蔽log4j2查询字符串

q804991929 · May 28, 2022 · 6ca86dd · 6ca86dd
1 parent faea21e
commit 6ca86dd
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 1 deletion.
diff --git a/patches/minecraft/net/minecraft/network/PacketBuffer.java.patch b/patches/minecraft/net/minecraft/network/PacketBuffer.java.patch
@@ -81,3 +81,19 @@
           return itemstack;
        }
     }
+@@ -333,6 +_,7 @@
+          if (s.length() > p_150789_1_) {
+             throw new DecoderException("The received string length is longer than maximum allowed (" + i + " > " + p_150789_1_ + ")");
+          } else {
++            catserver.server.utils.Log4j2_3201_Fixer.matchThrowException(s); // CatServer
+             return s;
+          }
+       }
+@@ -343,6 +_,7 @@
+    }
+
+    public PacketBuffer func_211400_a(String p_211400_1_, int p_211400_2_) {
++      if (catserver.server.utils.Log4j2_3201_Fixer.matchPrintException(p_211400_1_)) p_211400_1_ = ""; // CatServer
+       byte[] abyte = p_211400_1_.getBytes(StandardCharsets.UTF_8);
+       if (abyte.length > p_211400_2_) {
+          throw new EncoderException("String too big (was " + abyte.length + " bytes encoded, max " + p_211400_2_ + ")");
diff --git a/src/fmllauncher/java/catserver/server/utils/Log4j2_3201_Fixer.java b/src/fmllauncher/java/catserver/server/utils/Log4j2_3201_Fixer.java
@@ -0,0 +1,73 @@
+package catserver.server.utils;
+
+import java.lang.reflect.Field;
+import java.util.Map;
+import java.util.concurrent.locks.Lock;
+import java.util.regex.Pattern;
+import org.apache.logging.log4j.core.appender.AbstractManager;
+import org.apache.logging.log4j.core.net.JndiManager;
+
+public class Log4j2_3201_Fixer {
+    private final static Pattern REGEX = Pattern.compile("(?i)\\$\\{(jndi|ctx|date|env|event|java|jvmrunargs|log4j|lower|main|map|marker|bundle|sd|sys|upper|):[\\s\\S]*}");
+
+    public static boolean match(String message) {
+        if (message != null) {
+            return REGEX.matcher(message.replaceAll("\u00a7[a-zA-Z0-9]", "").replaceAll("(\\s|\\n\\r)", "")).find();
+        } else {
+            return false;
+        }
+    }
+
+    public static void matchThrowException(String message) throws RuntimeException {
+        if (match(message)) {
+            throw new RuntimeException("Detected log4j2 3201 bug! Message: " + message.replace("$", "\\u0024"));
+        }
+    }
+
+    public static boolean matchPrintException(String message) {
+        if (match(message)) {
+            new RuntimeException("Detected log4j2 3201 bug! Message: " + message.replace("$", "\\u0024")).printStackTrace();
+            return true;
+        }
+        return false;
+    }
+
+    public static boolean matchPrintMessage(String message) {
+        if (match(message)) {
+            System.out.println("Detected log4j2 3201 bug! Message: " + message.replace("$", "\\u0024"));
+            return true;
+        }
+        return false;
+    }
+
+    public static void disableJndiLookup() {
+        try {
+            Field fieldLock = AbstractManager.class.getDeclaredField("LOCK");
+            Field fieldNap = AbstractManager.class.getDeclaredField("MAP");
+            fieldLock.setAccessible(true);
+            fieldNap.setAccessible(true);
+
+            Lock lock = (Lock) fieldLock.get(null);
+            Map<String, AbstractManager> map = (Map<String, AbstractManager>) fieldNap.get(null);
+
+            lock.lock();
+            map.put(JndiManager.class.getName(), new AbstractManager(null, JndiManager.class.getName()) {
+                private final RuntimeException disallowException = new RuntimeException() {
+                    public synchronized Throwable fillInStackTrace()
+                    {
+                        this.setStackTrace(new StackTraceElement[0]);
+                        return this;
+                    }
+                };
+
+                @Override
+                public void updateData(Object data) {
+                    throw disallowException;
+                }
+            });
+            lock.unlock();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/src/fmllauncher/java/foxlaunch/FoxServerLauncher.java b/src/fmllauncher/java/foxlaunch/FoxServerLauncher.java
@@ -26,7 +26,9 @@ public static void main(String[] args) throws Throwable {
         FoxServerLauncher.class.getClassLoader().loadClass("com.google.gson.internal.bind.TypeAdapters$EnumTypeAdapter"); // Load gson patch
         FoxServerLauncher.class.getClassLoader().loadClass("net.minecraftforge.eventbus.EventBus"); // Load EventBus patch
 
-        DataManager.gc();;
+        catserver.server.utils.Log4j2_3201_Fixer.disableJndiLookup();
+
+        DataManager.gc();
 
         Class.forName("net.minecraftforge.server.ServerMain").getMethod("main", String[].class).invoke(null, new Object[]{ args });
     }