vault: fix panic by checking for nil secret #4904

Merged: 1 commit, Nov 20, 2018

schmichael
Member

Vault's RenewSelf(...) API may return (nil, nil). We failed to check if
secret was nil before attempting to use it.

RenewSelf:
https://github.com/hashicorp/vault/blob/e3eee5b4fb386418d10b6a248252ec6e2e05d980/api/auth_token.go#L138-L155

Calls ParseSecret:
https://github.com/hashicorp/vault/blob/e3eee5b4fb386418d10b6a248252ec6e2e05d980/api/secret.go#L309-L311

If anyone has an idea on how to test this I didn't see any options. We
use a real Vault service, so there's no opportunity to mock the
response.

@schmichael schmichael merged commit e8475fe into master Nov 20, 2018
@schmichael schmichael deleted the b-vault-panic branch November 20, 2018 18:09
schmichael added a commit that referenced this pull request Nov 20, 2018
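
The nil-secret guard described in the pull request, as an added example that is not Nomad's or Vault's own code. `Secret`, `SecretAuth`, `tokenRenewer`, `renewLease` and `fakeRenewer` are hypothetical local stand-ins (assumptions) so the `(nil, nil)` case can be exercised without a Vault server; the extra `Auth == nil` check goes one step beyond what the description states.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins (assumptions) for the parts of a Vault secret used here.
type SecretAuth struct{ LeaseDuration int }
type Secret struct{ Auth *SecretAuth }

// tokenRenewer is a hypothetical seam: anything with a RenewSelf-shaped method.
type tokenRenewer interface {
	RenewSelf(increment int) (*Secret, error)
}

// renewLease returns the renewed lease duration in seconds. A nil secret or
// nil Auth is reported as an error instead of being dereferenced.
func renewLease(r tokenRenewer, increment int) (int, error) {
	secret, err := r.RenewSelf(increment)
	if err != nil {
		return 0, fmt.Errorf("failed to renew token: %w", err)
	}
	if secret == nil { // the (nil, nil) case from the PR description
		return 0, errors.New("renewal returned no secret")
	}
	if secret.Auth == nil { // added guard, not mentioned in the PR
		return 0, errors.New("renewal secret has no auth data")
	}
	return secret.Auth.LeaseDuration, nil
}

// fakeRenewer returns canned values so every branch runs offline.
type fakeRenewer struct {
	secret *Secret
	err    error
}

func (f fakeRenewer) RenewSelf(int) (*Secret, error) { return f.secret, f.err }

func main() {
	for _, c := range []fakeRenewer{
		{secret: &Secret{Auth: &SecretAuth{LeaseDuration: 3600}}}, // constructed sample
		{},                  // (nil, nil)
		{secret: &Secret{}}, // secret without Auth
	} {
		d, err := renewLease(c, 30)
		fmt.Printf("lease=%d err=%v\n", d, err)
	}
}
```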
@github-actions

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 24, 2023