[logback-dev] [JIRA] (LOGBACK-1347) HardenedObjectInputStream can't handle multiple markers
QOS.CH (JIRA)
noreply-jira at qos.ch
Fri Oct 13 00:11:00 CEST 2017
Nathan Jensen created LOGBACK-1347:
--------------------------------------
Summary: HardenedObjectInputStream can't handle multiple markers
Key: LOGBACK-1347
URL: https://jira.qos.ch/browse/LOGBACK-1347
Project: logback
Issue Type: Bug
Components: logback-classic, logback-core
Affects Versions: 1.2.0
Reporter: Nathan Jensen
Assignee: Logback dev list
I have an application that uses logback classic's SocketAppender to send events to a separate logging process. The separate process is using logback classic's ServerSocketReceiver and then tracks details about the events. With logback 1.2 it stopped working and the receiving process started outputting: "java.io.InvalidClassException: Unauthorized deserialization attempt; [Ljava.lang.Object;". Trying to track it down I finally found that it happened when I had two or more Markers on the event. Specifically with code such as:
{code:java}
Marker marker = MarkerFactory.getDetachedMarker(processName);
marker.add(MarkerFactory.getMarker(priority));{code}
Tracing further, the error message comes from logback core's HardenedObjectInputStream.resolveClass(ObjectStreamClass). The related class HardenedLoggingEventInputStream has a whitelist of accepted classnames that includes org.slf4j.helpers.BasicMarker but not Object[]. When the sending application code calls BasicMarker.add(Marker), the BasicMarker will create a new internal Vector. That Vector has the field elementData of type Object[] which gets serialized in the sending process. Then the receiving process does not accept Object[] during deserialization and produces the error above.
In short, I can't have two slf4j Markers on an event and send it across with serialization with logback classic's SocketAppender and ServerSocketReceiver.
--
This message was sent by Atlassian JIRA
(v7.3.1#73012)
More information about the logback-dev
mailing list