Panic when token_type is null for /auth/token/roles/{role_name} #13232
Labels
Comments
|
I can take a look at this. |
heatherezell
added
core/token
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Making a POST at
/auth/token/roles/{role_name}with token_type = null results in no HTTP response and the following stacktrace:2021-11-20T22:41:52.487+0200 [INFO] http: panic serving 127.0.0.1:51337: interface conversion: interface {} is nil, not string goroutine 58 [running]: net/http.(*conn).serve.func1() /Users/runner/hostedtoolcache/go/1.17.2/x64/src/net/http/server.go:1801 +0xb9 panic({0x50a5d80, 0xc0016008d0}) /Users/runner/hostedtoolcache/go/1.17.2/x64/src/runtime/panic.go:1047 +0x266 github.com/hashicorp/vault/vault.(*TokenStore).tokenStoreRoleCreateUpdate(0xc000ad8c40, {0x6a43270, 0xc0015f1c20}, 0xc00104cd80, 0xc0015fa700) /Users/runner/work/vault/vault/vault/token_store.go:3351 +0x1fa5 github.com/hashicorp/vault/sdk/framework.(*Backend).HandleRequest(0xc000596d00, {0x6a43270, 0xc0015f1c20}, 0xc00104cd80) /Users/runner/work/vault/vault/sdk/framework/backend.go:278 +0x7ed github.com/hashicorp/vault/vault.(*Router).routeCommon(0xc00098c2d0, {0x6a43270, 0xc0015f1c20}, 0xc00104cd80, 0x0) /Users/runner/work/vault/vault/vault/router.go:708 +0x15ec github.com/hashicorp/vault/vault.(*Router).Route(...) /Users/runner/work/vault/vault/vault/router.go:505 github.com/hashicorp/vault/vault.(*Core).doRouting(0xc00081db00, {0x6a43270, 0xc0015f1c20}, 0xc000497570) /Users/runner/work/vault/vault/vault/request_handling.go:741 +0x2c github.com/hashicorp/vault/vault.(*Core).handleRequest(0xc000ade600, {0x6a43270, 0xc0015f1c20}, 0xc00104cd80) /Users/runner/work/vault/vault/vault/request_handling.go:917 +0x1192 github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest(0xc000ade600, {0x6a43270, 0xc0015f1860}, 0xc00104cd80) /Users/runner/work/vault/vault/vault/request_handling.go:609 +0x1073 github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest(0xc000ade600, {0x6a43270, 0xc0015f1680}, 0xc00104cd80, 0x0) /Users/runner/work/vault/vault/vault/request_handling.go:442 +0x4a5 github.com/hashicorp/vault/vault.(*Core).HandleRequest(...)To Reproduce
Steps to reproduce the behavior:
curlwith the below JSON{ "bound_cidrs": [ "999999999999", "999999999999" ], "period": 7, "token_num_uses": 3, "allowed_entity_aliases": [ "AAAAAAAAAAAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAAAAAAAAAAA" ], "token_explicit_max_ttl": 6, "path_suffix": "jjjjjjjjjjjjj", "token_period": 9, "orphan": true, "token_type": null, "explicit_max_ttl": 2, "token_no_default_policy": true, "disallowed_policies": [ "rrrrrrrrrrrrrrrrrrrrr", "rrrrrrrrrrrrrrrrrrrrr" ], "allowed_policies": [ "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA" ], "renewable": true, "token_bound_cidrs": [ "444444444444444444", "444444444444444444" ] }Expected behavior
A proper HTTP response: 400 with some errors details.
Environment:
This was discovered while running a fuzzing tool I wrote for OpenAPI specs: https://github.com/Endava/cats. You can replay the test using:
Test6459.json.zip
./cats.jar replay --tests="Test6459.json"This might have the same root cause as: #13225
The text was updated successfully, but these errors were encountered: