QPID-2055: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@827591 13f79535-47bb-0310-9956-ffa450edef68
author: Robert Gemmell <robbie@apache.org> 2009-10-20 14:46:35 +0000
committer: Robert Gemmell <robbie@apache.org> 2009-10-20 14:46:35 +0000
commit: cc12b352d19e7f51eba772300535b2751484b1fb (patch)
tree: 10709a13cbedb14a6084a94ddbb5603b54ac100e
parent: 0c99cdf0fa3d8d862a4f8e0f8de623091e1f41ba (diff)
download: qpid-python-cc12b352d19e7f51eba772300535b2751484b1fb.tar.gz
1 files changed, 25 insertions, 26 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java
index 3c47cdd094..c36eeb5016 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/management/LoggingManagementMBean.java
@@ -29,6 +29,7 @@ import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 
 import org.apache.qpid.management.common.mbeans.LoggingManagement;
 import org.apache.qpid.management.common.mbeans.annotations.MBeanDescription;
@@ -365,10 +366,17 @@ public class LoggingManagementMBean extends AMQManagedObject implements LoggingM
             DOMSource source = new DOMSource(doc);
 
             File tmp;
+            Random r = new Random();
+            do
+            {
+                tmp = new File(log4jConfigFile.getPath() + r.nextInt() + ".tmp");
+            }
+            while(tmp.exists());
+            
+            tmp.deleteOnExit();
+            
             try
             {
-                tmp = File.createTempFile("LogManMBeanTemp", ".tmp");
-                tmp.deleteOnExit();
                 StreamResult result = new StreamResult(tmp);
                 transformer.transform(source, result);
             }
@@ -377,11 +385,6 @@ public class LoggingManagementMBean extends AMQManagedObject implements LoggingM
                 _logger.warn("Could not transform the XML into new file: " +e);
                 throw new IOException("Could not transform the XML into new file: " +e);
             }
-            catch (IOException e)
-            {
-                _logger.warn("Could not create the new log4j XML file: " +e);
-                throw new IOException("Could not create the new log4j XML file: " +e);
-            }
 
             // Swap temp file in to replace existing configuration file.
             File old = new File(log4jConfigFile.getAbsoluteFile() + ".old");
@@ -390,30 +393,26 @@ public class LoggingManagementMBean extends AMQManagedObject implements LoggingM
                 old.delete();
             }
             
-            try
+            if(!log4jConfigFile.renameTo(old))
             {
-                if(!log4jConfigFile.renameTo(old))
-                {
-                    FileUtils.copyCheckedEx(log4jConfigFile, old);
-                }
+                //unable to rename the existing file to the backup name 
+                _logger.error("Could not backup the existing log4j XML file");
+                throw new IOException("Could not backup the existing log4j XML file");
             }
-            catch (IOException e)
-            {
-                _logger.warn("Could not backup the existing log4j XML file: " +e);
-                throw new IOException("Could not backup the existing log4j XML file: " +e);
-            }
-            
-            try
+
+            if(!tmp.renameTo(log4jConfigFile))
             {
-                if(!tmp.renameTo(log4jConfigFile))
+                //failed to rename the new file to the required filename
+                
+                if(!old.renameTo(log4jConfigFile))
                 {
-                    FileUtils.copyCheckedEx(tmp, log4jConfigFile);
+                    //unable to return the backup to required filename
+                    _logger.error("Could not rename the new log4j configuration file into place, and unable to restore original file");
+                    throw new IOException("Could not rename the new log4j configuration file into place, and unable to restore original file");
                 }
-            }
-            catch (IOException e)
-            {
-                _logger.warn("Could not copy the new configuration into place: " +e);
-                throw new IOException("Could not copy the new configuration into place: " +e);
+                
+                _logger.error("Could not rename the new log4j configuration file into place");
+                throw new IOException("Could not rename the new log4j configuration file into place");
             }
             
             return true;
author	Robert Gemmell <robbie@apache.org>	2009-10-20 14:46:35 +0000
committer	Robert Gemmell <robbie@apache.org>	2009-10-20 14:46:35 +0000
commit	cc12b352d19e7f51eba772300535b2751484b1fb (patch)
tree	10709a13cbedb14a6084a94ddbb5603b54ac100e
parent	0c99cdf0fa3d8d862a4f8e0f8de623091e1f41ba (diff)
download	qpid-python-cc12b352d19e7f51eba772300535b2751484b1fb.tar.gz