mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 12:26:34 +02:00
Code Issues Projects Releases Wiki Activity

Fix panic when logging in to userpass without a valid user (#7160)

Browse Source
This commit is contained in:
Jeff Mitchell 2019-07-22 12:27:28 -04:00 committed by GitHub
parent 7f0ff628b8
commit d7efee8f2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
builtin/credential/userpass/path_login.go
View File

@ -64,11 +64,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
// Get the user and validate auth
user, userError := b.user(ctx, req.Storage, username)
// Check for a CIDR match.
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
return nil, logical.ErrPermissionDenied
}
var userPassword []byte
var legacyPassword bool
// If there was an error or it's nil, we fake a password for the bcrypt
@ -108,6 +103,11 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
return logical.ErrorResponse("invalid username or password"), nil
}
// Check for a CIDR match.
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
return nil, logical.ErrPermissionDenied
}
auth := &logical.Auth{
Metadata: map[string]string{
"username": username,