Author: ritchiem Date: Wed Oct 28 15:34:15 2009 New Revision: 830603 URL: http://svn.apache.org/viewvc?rev=830603&view=rev Log: QPID-2055: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems
Modified: qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java Modified: qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java URL: http://svn.apache.org/viewvc/qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java?rev=830603&r1=830602&r2=830603&view=diff ============================================================================== --- qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java (original) +++ qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java Wed Oct 28 15:34:15 2009 @@ -29,6 +29,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Random; import org.apache.qpid.management.common.mbeans.LoggingManagement; import org.apache.qpid.management.common.mbeans.annotations.MBeanDescription; @@ -365,10 +366,17 @@ DOMSource source = new DOMSource(doc); File tmp; + Random r = new Random(); + do + { + tmp = new File(log4jConfigFile.getPath() + r.nextInt() + ".tmp"); + } + while(tmp.exists()); + + tmp.deleteOnExit(); + try { - tmp = File.createTempFile("LogManMBeanTemp", ".tmp"); - tmp.deleteOnExit(); StreamResult result = new StreamResult(tmp); transformer.transform(source, result); } @@ -377,11 +385,6 @@ _logger.warn("Could not transform the XML into new file: " +e); throw new IOException("Could not transform the XML into new file: " +e); } - catch (IOException e) - { - _logger.warn("Could not create the new log4j XML file: " +e); - throw new IOException("Could not create the new log4j XML file: " +e); - } // Swap temp file in to replace existing configuration file. File old = new File(log4jConfigFile.getAbsoluteFile() + ".old"); @@ -390,30 +393,26 @@ old.delete(); } - try + if(!log4jConfigFile.renameTo(old)) { - if(!log4jConfigFile.renameTo(old)) - { - FileUtils.copyCheckedEx(log4jConfigFile, old); - } + //unable to rename the existing file to the backup name + _logger.error("Could not backup the existing log4j XML file"); + throw new IOException("Could not backup the existing log4j XML file"); } - catch (IOException e) - { - _logger.warn("Could not backup the existing log4j XML file: " +e); - throw new IOException("Could not backup the existing log4j XML file: " +e); - } - - try + + if(!tmp.renameTo(log4jConfigFile)) { - if(!tmp.renameTo(log4jConfigFile)) + //failed to rename the new file to the required filename + + if(!old.renameTo(log4jConfigFile)) { - FileUtils.copyCheckedEx(tmp, log4jConfigFile); + //unable to return the backup to required filename + _logger.error("Could not rename the new log4j configuration file into place, and unable to restore original file"); + throw new IOException("Could not rename the new log4j configuration file into place, and unable to restore original file"); } - } - catch (IOException e) - { - _logger.warn("Could not copy the new configuration into place: " +e); - throw new IOException("Could not copy the new configuration into place: " +e); + + _logger.error("Could not rename the new log4j configuration file into place"); + throw new IOException("Could not rename the new log4j configuration file into place"); } return true; --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:commits-subscr...@qpid.apache.org