Error "slice bounds out of range" with LDAP SSH keys #5975

Closed
silverwind opened this issue Feb 6, 2019 · 5 comments · Fixed by #5984
@silverwind
Member

silverwind commented Feb 6, 2019

  • Gitea version (or commit ref): 0c721fe

I have an LDAP auth source and a user that has no SSH public keys on LDAP. When I add the attribute 'sshPublicKey' to the authentication source, the user can no longer log in on the web interface and the following panic is logged in gitea.log. If I remove the LDAP attribute, the user is again able to log in. I assume that the case of an empty sshPublicKey result may not be handled properly around user.go:1504.

PANIC:: runtime error: slice bounds out of range
/usr/lib/golang/src/runtime/panic.go:513 (0x42def8)
        gopanic: reflectcall(nil, unsafe.Pointer(d.fn), deferArgs(d), uint32(d.siz), uint32(d.siz))
/usr/lib/golang/src/runtime/panic.go:54 (0x42ce69)
        panicslice: panic(sliceError)
gitea/models/user.go:1504 (0x100d850)
gitea/models/login_source.go:399 (0xf89dd9)
gitea/models/login_source.go:605 (0xf8afa8)
gitea/models/login_source.go:662 (0xf8b5ec)
gitea/routers/user/auth.go:156 (0x117dd8a)
/usr/lib/golang/src/runtime/asm_amd64.s:523 (0x45c82a)
        call64: CALLFN(·call64, 64)
/usr/lib/golang/src/reflect/value.go:447 (0x4c47a3)
        Value.call: call(frametype, fn, args, uint32(frametype.size), uint32(retOffset))
/usr/lib/golang/src/reflect/value.go:308 (0x4c4233)
        Value.Call: return v.call("Call", in)
gitea/vendor/github.com/go-macaron/inject/inject.go:177 (0x9648b3)
gitea/vendor/github.com/go-macaron/inject/inject.go:137 (0x964219)
gitea/vendor/gopkg.in/macaron.v1/context.go:121 (0x9924a0)
gitea/vendor/gopkg.in/macaron.v1/context.go:112 (0x9923be)
gitea/modules/context/panic.go:40 (0x10b5543)
/usr/lib/golang/src/runtime/asm_amd64.s:522 (0x45c7aa)
        call32: CALLFN(·call32, 32)
/usr/lib/golang/src/reflect/value.go:447 (0x4c47a3)
        Value.call: call(frametype, fn, args, uint32(frametype.size), uint32(retOffset))
/usr/lib/golang/src/reflect/value.go:308 (0x4c4233)
        Value.Call: return v.call("Call", in)
gitea/vendor/github.com/go-macaron/inject/inject.go:177 (0x9648b3)
gitea/vendor/github.com/go-macaron/inject/inject.go:137 (0x964219)
gitea/vendor/gopkg.in/macaron.v1/context.go:121 (0x9924a0)
gitea/vendor/gopkg.in/macaron.v1/context.go:112 (0x9923be)
gitea/vendor/github.com/go-macaron/session/session.go:192 (0x9e681e)
gitea/vendor/gopkg.in/macaron.v1/context.go:79 (0x992340)
gitea/vendor/github.com/go-macaron/inject/inject.go:157 (0x9645a0)
gitea/vendor/github.com/go-macaron/inject/inject.go:135 (0x96430b)
gitea/vendor/gopkg.in/macaron.v1/context.go:121 (0x9924a0)
gitea/vendor/gopkg.in/macaron.v1/context.go:112 (0x9923be)
gitea/vendor/gopkg.in/macaron.v1/recovery.go:161 (0x9a32da)
gitea/vendor/gopkg.in/macaron.v1/logger.go:40 (0x995663)
gitea/vendor/github.com/go-macaron/inject/inject.go:157 (0x9645a0)
gitea/vendor/github.com/go-macaron/inject/inject.go:135 (0x96430b)
gitea/vendor/gopkg.in/macaron.v1/context.go:121 (0x9924a0)
gitea/vendor/gopkg.in/macaron.v1/context.go:112 (0x9923be)
gitea/vendor/gopkg.in/macaron.v1/logger.go:52 (0x9a25f0)
gitea/vendor/gopkg.in/macaron.v1/logger.go:40 (0x995663)
gitea/vendor/github.com/go-macaron/inject/inject.go:157 (0x9645a0)
gitea/vendor/github.com/go-macaron/inject/inject.go:135 (0x96430b)
gitea/vendor/gopkg.in/macaron.v1/context.go:121 (0x9924a0)
gitea/vendor/gopkg.in/macaron.v1/router.go:187 (0x9a44e7)
gitea/vendor/gopkg.in/macaron.v1/router.go:294 (0x99de16)
gitea/vendor/gopkg.in/macaron.v1/macaron.go:220 (0x9969a1)
gitea/vendor/github.com/gorilla/context/context.go:141 (0xe110ea)
/usr/lib/golang/src/net/http/server.go:1964 (0x6c1f33)
        HandlerFunc.ServeHTTP: f(w, r)
/usr/lib/golang/src/net/http/server.go:2741 (0x6c4c3a)
        serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/lib/golang/src/net/http/server.go:1847 (0x6c0f95)
        (*conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/lib/golang/src/runtime/asm_amd64.s:1333 (0x45e4c0)
        goexit: BYTE    $0x90   // NOP
@lafriks
Member

lafriks commented Feb 6, 2019

I think it is related to #5928
edit: not related, this is a different bug

@silverwind
Member Author

Pretty sure the issue is that the LDAP result is "" and strings.Split(v, " ") results in [""] where index 2 is out of bounds.

@zeripath
Contributor

zeripath commented Feb 6, 2019

yup that looks like that would be the problem...

@zeripath
Contributor

zeripath commented Feb 6, 2019

OK I've put a PR up. I wasn't sure if you were wanting to do this.

If you can, could you test to see if there's another bug that is being hidden by this one?

@lafriks lafriks added this to the 1.7.2 milestone Feb 7, 2019
@silverwind
Member Author

No problem, I had the exact same fix in mind, but wanted to test it before sending a PR. Deployed the fix now and the user was able to log in, thanks!

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
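
The failure mode discussed in this thread, as an added Go example that is not Gitea's code: an empty directory attribute value split on spaces yields a one-element slice, so taking its first two fields panics, while a length check rejects the value cleanly. The helper names are hypothetical, the `[:2]` slice expression is an assumption based on the comment above, and the sample key material is a constructed placeholder.

```go
package main

import (
	"fmt"
	"strings"
)

// keyPrefixUnchecked follows the pattern described in the thread: split the
// attribute value on spaces and keep the first two fields ("type base64").
// Hypothetical helper, not Gitea's code. Panics when fewer than two fields.
func keyPrefixUnchecked(v string) string {
	return strings.Join(strings.Split(v, " ")[:2], " ")
}

// keyPrefix is the guarded form: it reports ok=false instead of panicking
// when the value is empty or has no key data after the type.
func keyPrefix(v string) (key string, ok bool) {
	fields := strings.Fields(v) // also tolerates repeated or leading spaces
	if len(fields) < 2 {
		return "", false
	}
	return fields[0] + " " + fields[1], true
}

// panics reports whether calling f with v panics, so the failure can be
// shown without crashing the program.
func panics(f func(string) string, v string) (p bool) {
	defer func() {
		if recover() != nil {
			p = true
		}
	}()
	f(v)
	return false
}

func main() {
	// Constructed sample attribute values; the key material is a placeholder.
	samples := []string{
		"ssh-ed25519 AAAAC3placeholder user@host",
		"",            // user with no sshPublicKey value
		"ssh-ed25519", // type only, no key data
	}
	for _, v := range samples {
		key, ok := keyPrefix(v)
		fmt.Printf("%q unchecked panics=%v guarded=(%q, %v)\n",
			v, panics(keyPrefixUnchecked, v), key, ok)
	}
}
```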