Don't allow non-printable characters in the API client's token (#3841)

2026-05-12 00:13:45 +02:00 · 2018-01-24 19:57:49 -05:00 · 2018-01-24 19:57:49 -05:00 · 460e8fc1ff
commit 460e8fc1ff
parent 5e0f673544
2 changed files with 35 additions and 0 deletions
--- a/api/client.go
+++ b/api/client.go
@ -12,6 +12,7 @@ import (
 	"strings"
 	"sync"
 	"time"
+	"unicode"

 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/go-cleanhttp"
@ -530,8 +531,17 @@ func (c *Client) RawRequest(r *Request) (*Response, error) {
 	c.modifyLock.RLock()
 	c.config.modifyLock.RLock()
 	defer c.config.modifyLock.RUnlock()
+	token := c.token
 	c.modifyLock.RUnlock()

+	// Sanity check the token before potentially erroring from the API
+	idx := strings.IndexFunc(token, func(c rune) bool {
+		return !unicode.IsPrint(c)
+	})
+	if idx != -1 {
+		return nil, fmt.Errorf("Configured Vault token contains non-printable characters and cannot be used.")
+	}
+
 	redirectCount := 0
 START:
 	req, err := r.ToHTTP()
--- a/api/client_test.go
+++ b/api/client_test.go
@ -5,6 +5,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"strings"
 	"testing"
 	"time"
 )
@ -95,6 +96,30 @@ func TestClientToken(t *testing.T) {
 	}
 }

+func TestClientBadToken(t *testing.T) {
+	handler := func(w http.ResponseWriter, req *http.Request) {}
+
+	config, ln := testHTTPServer(t, http.HandlerFunc(handler))
+	defer ln.Close()
+
+	client, err := NewClient(config)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	client.SetToken("foo")
+	_, err = client.RawRequest(client.NewRequest("PUT", "/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client.SetToken("foo\u007f")
+	_, err = client.RawRequest(client.NewRequest("PUT", "/"))
+	if err == nil || !strings.Contains(err.Error(), "printable") {
+		t.Fatalf("expected error due to bad token")
+	}
+}
+
 func TestClientRedirect(t *testing.T) {
 	primary := func(w http.ResponseWriter, req *http.Request) {
 		w.Write([]byte("test"))