Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardens PropertiesUtil against recursive property sources #3263

Merged
merged 5 commits into from
Dec 9, 2024
Merged

Hardens PropertiesUtil against recursive property sources #3263

merged 5 commits into from
Dec 9, 2024

Conversation

ppkarwasz
Copy link
Contributor

As showed in #3252, Spring's JndiPropertySource not only can throw exceptions, but can also perform logging calls. Such a call causes a recursive call to PropertiesUtil.getProperty("log4j2.flowMessageFactory") and a StackOverflowException in the best scenario. The worst scenario includes a deadlock.

This PR:

  • Moves the creation of the default MessageFactory and FlowMessageFactory to the static initializer of LoggerContext. This should be close enough to the pre-2.23.0 location in AbstractLogger. The LoggerContext class is usually initialized, before Spring Boot adds its property sources to PropertiesUtil.
  • Adds a check to PropertiesUtil to ignore recursive calls.

Closes #3252.

@ppkarwasz
Hardens PropertiesUtil against recursive property sources
cb59a70 
As showed in #3252, Spring's `JndiPropertySource` not only can throw exceptions, but can also perform logging calls.
Such a call causes a recursive call to `PropertiesUtil.getProperty("log4j2.flowMessageFactory"`) and a `StackOverflowException` in the best scenario. The worst scenario includes a deadlock.

This PR:

- Moves the creation of the default `MessageFactory` and `FlowMessageFactory` to the static initializer of `LoggerContext`. This should be close enough to the pre-2.23.0 location in `AbstractLogger`. The `LoggerContext` class is usually initialized, before Spring Boot adds its property sources to `PropertiesUtil`.
- Adds a check to `PropertiesUtil` to ignore recursive calls.

Closes #3252.
@ppkarwasz ppkarwasz mentioned this pull request Dec 2, 2024
Closed
@ppkarwasz ppkarwasz added this to the 2.24.3 milestone Dec 2, 2024
@ppkarwasz ppkarwasz self-assigned this Dec 4, 2024
@ppkarwasz ppkarwasz requested a review from vy December 6, 2024 16:55
@ppkarwasz
Make AsyncLogger constructor package-private
c8db2fd 
The constructor is effectively package-private, since it has a package-private class (`AsyncLoggerDisruptor`) in its signature.
@ppkarwasz
Minor changes to comments and tests
77bd350
@ppkarwasz ppkarwasz merged commit 18a1deb into 2.24.x Dec 9, 2024
7 checks passed
@ppkarwasz ppkarwasz deleted the fix/2.24.x/3252_recursive_property_source branch December 9, 2024 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vy vy Awaiting requested review from vy

Assignees

@ppkarwasz ppkarwasz

Labels
None yet
Projects
None yet
Milestone
2.24.3
Development

Successfully merging this pull request may close these issues.
2 participants
@ppkarwasz @vy