[LOG4J2-2707] ArrayIndexOutOfBoundsException in UuidUtil, when MAC address is longer than 6 bytes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.12.1
Fix Version/s: 2.13.0
Component/s: Core
Labels:
- easyfix

Flags:

Important

Description

Problem:

There is a Bug in the UuidUtil class, which causes an ArrayIndexOutOfBoundsException, when the MAC address is longer than 6 bytes.

Here's the code:

private static final int NODE_SIZE = 8;

byte[] mac = NetUtils.getMacAddress();
final Random randomGenerator = new SecureRandom();
if (mac == null || mac.length == 0) {
	mac = new byte[6];
	randomGenerator.nextBytes(mac);
}
final int length = mac.length >= 6 ? 6 : mac.length;
final int index = mac.length >= 6 ? mac.length - 6 : 0;
final byte[] node = new byte[NODE_SIZE];
node[0] = VARIANT;
node[1] = 0;
for (int i = 2; i < NODE_SIZE; ++i) {
	node[i] = 0;
}
System.arraycopy(mac, index, node, index + 2, length);

The problem is the System.arraycopy call, when the MAC address is longer than 6 bytes.

Here's a table, with the different cases:

mac.length	length	index	System.arraycopy
0	0	0	System.arraycopy(mac, 0, node, 2, 0);
1	1	0	System.arraycopy(mac, 0, node, 2, 1);
2	2	0	System.arraycopy(mac, 0, node, 2, 2);
3	3	0	System.arraycopy(mac, 0, node, 2, 3);
4	4	0	System.arraycopy(mac, 0, node, 2, 4);
5	5	0	System.arraycopy(mac, 0, node, 2, 5);
6	6	0	System.arraycopy(mac, 0, node, 2, 6);
7	6	1	System.arraycopy(mac, 1, node, 3, 6);
8	6	2	System.arraycopy(mac, 2, node, 4, 6);

mac.length from 0 to 6 work fine.

But for mac.length 7, 8 and above the System.arraycopy call will throw an ArrayIndexOutOfBoundsException, because it tries to write to positions on node array, which do not exist.

For example for mac.length 8, the call would try to write to positions 8 and 9 on node, which do not exists, since node is 8 bytes.

Here's the Stacktrace we encountered:

java.lang.ExceptionInInitializerError
	at org.apache.logging.log4j.core.util.WatchManager.<init>(WatchManager.java:53)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.<init>(AbstractConfiguration.java:135)
	at org.apache.logging.log4j.core.config.NullConfiguration.<init>(NullConfiguration.java:32)
	at org.apache.logging.log4j.core.LoggerContext.<clinit>(LoggerContext.java:85)
	at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:179)
	at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:153)
	at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:82)
	at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:170)
	at org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:86)
	at org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:67)
        [...]
Caused by: java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at org.apache.logging.log4j.core.util.UuidUtil.<clinit>(UuidUtil.java:81)
	... 13 more

Solution:

The code can be fixed by always using 2 for destPos:

System.arraycopy(mac, index, node, 2, length);

Attachments

Issue Links

Blocked

LOG4J2-2980 CLONE - ArrayIndexOutOfBoundsException in the initialization of UuidUtil

Closed

is duplicated by

LOG4J2-2980 CLONE - ArrayIndexOutOfBoundsException in the initialization of UuidUtil

Closed

is related to

LOG4J2-2711 UuidUtil array index out of bounds exception

Open

links to

GitHub Pull Request #314

Activity

People

Assignee:: Unassigned

Reporter:: Christian Frank

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Oct/19 06:05

Updated:: 21/Dec/20 13:12

Resolved:: 03/Dec/19 06:02

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 40m