mirror of
https://github.com/hashicorp/vault.git
synced 2025-12-25 03:11:40 +01:00
f150a52593
* Fix transit panic with invalid PEM
When an invalid (non-PEM) public key is given to Transit's import, this
fails with a panic in server logs:
2023-09-05T08:11:11.526-0400 [INFO] http: panic serving 127.0.0.1:42414: runtime error: invalid memory address or nil pointer dereference
goroutine 950 [running]:
net/http.(*conn).serve.func1()
/usr/local/go/src/net/http/server.go:1868 +0xb9
panic({0x8371620?, 0x1050b390?})
/usr/local/go/src/runtime/panic.go:920 +0x270
github.com/hashicorp/vault/sdk/helper/keysutil.(*Policy).ImportPublicOrPrivate(0xc003fff440, {0xaf02918, 0xc004509920}, {0xaf03670, 0xc0032e4180}, {0xc004532ea0, 0x188, 0x1a0}, 0x0, {0xae7f5e0, ...})
/home/cipherboy/GitHub/cipherboy/vault/sdk/helper/keysutil/policy.go:1538 +0x687
github.com/hashicorp/vault/sdk/helper/keysutil.(*LockManager).ImportPolicy(0xc001a29410, {0xaf02918, 0xc004509920}, {{0xaf03670, 0xc0032e4180}, {0xc003eb5ab5, 0xb}, 0x3, 0x0, 0x0, ...}, ...)
/home/cipherboy/GitHub/cipherboy/vault/sdk/helper/keysutil/lock_manager.go:517 +0x38a
This is unfortunate and doesn't reveal the cause of the failure: input
was not provided in PEM format, per docs.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix additional PEM decode without error check
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Vault SDK libs
This package provides the sdk package which contains code useful for
developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize
the code at will and may occasionally cause breaks if they are warranted. As
such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.