log4j12/CVE-2022-23302.patch

From: Markus Koschany <apo@debian.org>
Date: Mon, 31 Jan 2022 11:30:35 +0100
Subject: CVE-2022-23302

Origin: https://github.com/qos-ch/reload4j/commit/f221f2427c45134cf5768f46279ddf72fe1407c9
---
 src/main/java/org/apache/log4j/net/JMSSink.java | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/apache/log4j/net/JMSSink.java b/src/main/java/org/apache/log4j/net/JMSSink.java
index 6a02831..c25b4a3 100644
--- a/src/main/java/org/apache/log4j/net/JMSSink.java
+++ b/src/main/java/org/apache/log4j/net/JMSSink.java
@@ -88,8 +88,7 @@ public class JMSSink implements javax.jms.MessageListener {
     try {
       Context ctx = new InitialContext();
       TopicConnectionFactory topicConnectionFactory;
-      topicConnectionFactory = (TopicConnectionFactory) lookup(ctx,
-                                                               tcfBindingName);
+      topicConnectionFactory = (TopicConnectionFactory) JNDIUtil.lookupObject(ctx, tcfBindingName);
 
       TopicConnection topicConnection =
 	                        topicConnectionFactory.createTopicConnection(username,
@@ -99,7 +98,7 @@ public class JMSSink implements javax.jms.MessageListener {
       TopicSession topicSession = topicConnection.createTopicSession(false,
                                                        Session.AUTO_ACKNOWLEDGE);
 
-      Topic topic = (Topic)ctx.lookup(topicBindingName);
+      Topic topic = (Topic) JNDIUtil.lookupObject(ctx, topicBindingName);
 
       TopicSubscriber topicSubscriber = topicSession.createSubscriber(topic);
     
@@ -135,15 +134,6 @@ public class JMSSink implements javax.jms.MessageListener {
   }
 
 
-  protected static Object lookup(Context ctx, String name) throws NamingException {
-    try {
-      return ctx.lookup(name);
-    } catch(NameNotFoundException e) {
-      logger.error("Could not find name ["+name+"].");
-      throw e;
-    }
-  }
-
   static void usage(String msg) {
     System.err.println(msg);
     System.err.println("Usage: java " + JMSSink.class.getName()