You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ri...@apache.org on 2009/10/28 16:34:16 UTC

svn commit: r830603 - /qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java

Author: ritchiem
Date: Wed Oct 28 15:34:15 2009
New Revision: 830603

URL: http://svn.apache.org/viewvc?rev=830603&view=rev
Log:
QPID-2055: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems

Modified:
    qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java

Modified: qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java?rev=830603&r1=830602&r2=830603&view=diff
==============================================================================
--- qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java (original)
+++ qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java Wed Oct 28 15:34:15 2009
@@ -29,6 +29,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 
 import org.apache.qpid.management.common.mbeans.LoggingManagement;
 import org.apache.qpid.management.common.mbeans.annotations.MBeanDescription;
@@ -365,10 +366,17 @@
             DOMSource source = new DOMSource(doc);
 
             File tmp;
+            Random r = new Random();
+            do
+            {
+                tmp = new File(log4jConfigFile.getPath() + r.nextInt() + ".tmp");
+            }
+            while(tmp.exists());
+            
+            tmp.deleteOnExit();
+            
             try
             {
-                tmp = File.createTempFile("LogManMBeanTemp", ".tmp");
-                tmp.deleteOnExit();
                 StreamResult result = new StreamResult(tmp);
                 transformer.transform(source, result);
             }
@@ -377,11 +385,6 @@
                 _logger.warn("Could not transform the XML into new file: " +e);
                 throw new IOException("Could not transform the XML into new file: " +e);
             }
-            catch (IOException e)
-            {
-                _logger.warn("Could not create the new log4j XML file: " +e);
-                throw new IOException("Could not create the new log4j XML file: " +e);
-            }
 
             // Swap temp file in to replace existing configuration file.
             File old = new File(log4jConfigFile.getAbsoluteFile() + ".old");
@@ -390,30 +393,26 @@
                 old.delete();
             }
             
-            try
+            if(!log4jConfigFile.renameTo(old))
             {
-                if(!log4jConfigFile.renameTo(old))
-                {
-                    FileUtils.copyCheckedEx(log4jConfigFile, old);
-                }
+                //unable to rename the existing file to the backup name 
+                _logger.error("Could not backup the existing log4j XML file");
+                throw new IOException("Could not backup the existing log4j XML file");
             }
-            catch (IOException e)
-            {
-                _logger.warn("Could not backup the existing log4j XML file: " +e);
-                throw new IOException("Could not backup the existing log4j XML file: " +e);
-            }
-            
-            try
+
+            if(!tmp.renameTo(log4jConfigFile))
             {
-                if(!tmp.renameTo(log4jConfigFile))
+                //failed to rename the new file to the required filename
+                
+                if(!old.renameTo(log4jConfigFile))
                 {
-                    FileUtils.copyCheckedEx(tmp, log4jConfigFile);
+                    //unable to return the backup to required filename
+                    _logger.error("Could not rename the new log4j configuration file into place, and unable to restore original file");
+                    throw new IOException("Could not rename the new log4j configuration file into place, and unable to restore original file");
                 }
-            }
-            catch (IOException e)
-            {
-                _logger.warn("Could not copy the new configuration into place: " +e);
-                throw new IOException("Could not copy the new configuration into place: " +e);
+                
+                _logger.error("Could not rename the new log4j configuration file into place");
+                throw new IOException("Could not rename the new log4j configuration file into place");
             }
             
             return true;



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org