Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-1069

Improper handling of JSON escape chars when deserializing JSON log events

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.3
    • 2.4
    • Core
    • None

    Description

      There is an error in the handling of JSON escape characters while determining the log event boundaries in a JSON stream. This error is causing log events with JSON escaped characters in the message string to be skipped. The existing tests do not appear to cover this case, and other serialization types are not affected. Here is a test/fix patch:

      diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/server/JsonInputStreamLogEventBridge.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/server/JsonInputStreamLogEventBridge.java
      index 1b81644..8ed2732 100644
      --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/server/JsonInputStreamLogEventBridge.java
      +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/server/JsonInputStreamLogEventBridge.java
      @@ -55,8 +55,10 @@ public class JsonInputStreamLogEventBridge extends InputStreamLogEventBridge {
               boolean inEsc = false;
               for (int i = start; i < charArray.length; i++) {
                   final char c = charArray[i];
      -            if (!inEsc) {
      -                inEsc = false;
      +            if (inEsc) {
      +            	// Skip this char and continue
      +            	inEsc = false;
      +            } else { 
                       switch (c) {
                       case EVENT_START_MARKER:
                           if (!inStr) {
      diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/net/server/AbstractSocketServerTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/net/server/AbstractSocketServerTest.java
      index 891e278..2bdb3c3 100644
      --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/net/server/AbstractSocketServerTest.java
      +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/net/server/AbstractSocketServerTest.java
      @@ -69,7 +69,9 @@ public abstract class AbstractSocketServerTest {
           private static final String MESSAGE = "This is test message";
       
           private static final String MESSAGE_2 = "This is test message 2";
      -
      +    
      +    private static final String MESSAGE_WITH_SPECIAL_CHARS = "{This}\n[is]\"n\"a\"\r\ntrue:\n\ttest,\nmessage";
      +    
           static final int PORT_NUM = AvailablePortFinder.getNextAvailable();
       
           static final String PORT = String.valueOf(PORT_NUM);
      @@ -158,6 +160,13 @@ public abstract class AbstractSocketServerTest {
                   testServer(m1, m2);
               }
           }
      +    
      +    
      +    @Test
      +    public void testMessagesWithSpecialChars() throws Exception {
      +        testServer(MESSAGE_WITH_SPECIAL_CHARS);
      +    }
      +    
       
           private void testServer(final int size) throws Exception {
               final String[] messages = new String[size];
      

      The test provided is simplistic and does not attempt to cover all possible special characters as the bug has to do with escaped characters in general. XML and java serialization handle the special chars in my test string without issue - I did not attempt to locate similar cases in the other serialization types.

      Attachments

        Activity

          People

            Unassigned Unassigned
            braam Sam Braam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: