vault/sdk
Alexander Scheel f150a52593
Fix transit panic with invalid PEM (#22753)
* Fix transit panic with invalid PEM

When an invalid (non-PEM) public key is given to Transit's import, this
fails with a panic in server logs:

    2023-09-05T08:11:11.526-0400 [INFO]  http: panic serving 127.0.0.1:42414: runtime error: invalid memory address or nil pointer dereference
    goroutine 950 [running]:
    net/http.(*conn).serve.func1()
	    /usr/local/go/src/net/http/server.go:1868 +0xb9
    panic({0x8371620?, 0x1050b390?})
	    /usr/local/go/src/runtime/panic.go:920 +0x270
    github.com/hashicorp/vault/sdk/helper/keysutil.(*Policy).ImportPublicOrPrivate(0xc003fff440, {0xaf02918, 0xc004509920}, {0xaf03670, 0xc0032e4180}, {0xc004532ea0, 0x188, 0x1a0}, 0x0, {0xae7f5e0, ...})
	    /home/cipherboy/GitHub/cipherboy/vault/sdk/helper/keysutil/policy.go:1538 +0x687
    github.com/hashicorp/vault/sdk/helper/keysutil.(*LockManager).ImportPolicy(0xc001a29410, {0xaf02918, 0xc004509920}, {{0xaf03670, 0xc0032e4180}, {0xc003eb5ab5, 0xb}, 0x3, 0x0, 0x0, ...}, ...)
	    /home/cipherboy/GitHub/cipherboy/vault/sdk/helper/keysutil/lock_manager.go:517 +0x38a

This is unfortunate and doesn't reveal the cause of the failure: input
was not provided in PEM format, per docs.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix additional PEM decode without error check

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-09-05 14:32:20 +00:00
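
The failure mode this commit message describes, as an added Go example that is not Vault's code. It assumes the panic comes from reading the block returned by `encoding/pem`'s `Decode` without a nil check; `parsePublicKeyPEM` and `samplePublicKey` are hypothetical names, and the key is constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// parsePublicKeyPEM is a hypothetical helper, not a Vault function. It returns
// an error instead of panicking when the input is not PEM.
func parsePublicKeyPEM(input []byte) (any, error) {
	// pem.Decode returns a nil block when it finds no PEM data; reading
	// block.Bytes without this check is a nil pointer dereference.
	block, _ := pem.Decode(input)
	if block == nil {
		return nil, errors.New("input is not PEM encoded")
	}
	return x509.ParsePKIXPublicKey(block.Bytes)
}

// samplePublicKey builds a constructed P-256 key and returns it as raw DER
// and as PEM, so the example runs offline.
func samplePublicKey() (der, pemBytes []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err = x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	pemBytes = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	return der, pemBytes, nil
}

func main() {
	der, pemBytes, err := samplePublicKey()
	if err != nil {
		panic(err)
	}
	_, err = parsePublicKeyPEM(der) // raw DER: valid key, wrong encoding
	fmt.Println("DER input:", err)
	_, err = parsePublicKeyPEM(pemBytes)
	fmt.Println("PEM input:", err)
}
```

Raw DER is the interesting case: the key material is valid, so only the nil check distinguishes "wrong encoding" from a crash in the request handler.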
database Bump google.golang.go/protobuf dependency to v1.31.0 (#22176) 2023-08-02 17:19:16 +00:00
framework events: Add full api_path; rename Send (#22487) 2023-08-23 15:11:22 -07:00
helper Fix transit panic with invalid PEM (#22753) 2023-09-05 14:32:20 +00:00
logical reduce calls to DetermineRoleFromLoginRequest from 3 to 1 for aws auth method (#22583) 2023-08-28 16:01:07 -05:00
physical add autoloaded license path to the cache exempt list (#22363) 2023-08-16 13:31:02 +00:00
plugin events: Add full api_path; rename Send (#22487) 2023-08-23 15:11:22 -07:00
queue adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
go.mod Support running plugins in isolated containers (#22712) 2023-09-01 17:55:17 +00:00
go.sum Support running plugins in isolated containers (#22712) 2023-09-01 17:55:17 +00:00
LICENSE [COMPLIANCE] License changes (#22290) 2023-08-10 18:14:03 -07:00
README.md Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00

Vault SDK libs

This module provides the sdk package, which contains code useful for developing Vault plugins.

Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such, we expect the tag of this module will stay less than v1.0.0.

For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.