Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix panic due to metadata being nil #4719

Merged
merged 10 commits into from
Jun 11, 2018
Merged

Fix panic due to metadata being nil #4719

merged 10 commits into from
Jun 11, 2018

Conversation

vishalnayak
Copy link
Member

@vishalnayak vishalnayak commented Jun 7, 2018
edited
Loading

Fixes #4716

@vishalnayak vishalnayak added this to the 0.10.3 milestone Jun 7, 2018
@calvn
Copy link
Member

calvn commented Jun 7, 2018
edited
Loading

LGTM , but probably worth adding a test case for this.

Update: Missed your todo.

jefferai
jefferai reviewed Jun 7, 2018
View reviewed changes
builtin/credential/approle/path_login.go
@@ -83,7 +83,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return logical.ErrorResponse("invalid role ID"), nil
}

var metadata map[string]string
metadata := make(map[string]string)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the secret id case, we unilaterally assign to metadata, which means we should still add a nil map check before writing in the role name in case that ever is (or might become with future revisions) nil.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Secret IDs constructor is initializing the map. So, it is unlikely that metadata is nil. But still, I've added a nil check before assigning the role_name.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that we have the nil check below, allocating the map isn't strictly necessary but I'm good either way :)

jefferai
jefferai reviewed Jun 8, 2018
View reviewed changes
builtin/credential/approle/path_login.go Outdated
@@ -262,7 +262,9 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
}

// Always include the role name, for later filtering
metadata["role_name"] = role.name
if metadata != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes the comment not actually be correct. If metadata is nil, you don't actually end up with a map with role_name. So either this is best effort, or if it's nil you need to create a map with role_name in it.

jefferai
jefferai previously approved these changes Jun 11, 2018
View reviewed changes
calvn
calvn previously approved these changes Jun 11, 2018
View reviewed changes
builtin/credential/approle/path_login.go
@@ -83,7 +83,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return logical.ErrorResponse("invalid role ID"), nil
}

var metadata map[string]string
metadata := make(map[string]string)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that we have the nil check below, allocating the map isn't strictly necessary but I'm good either way :)

@vishalnayak vishalnayak dismissed stale reviews from calvn and jefferai via 5ee44f2 June 11, 2018 15:06
@vishalnayak
Copy link
Member Author

@calvn I think its a good observation. There really is no reason to have an unnecessary allocation in a hot path. Removed it.

calvn
calvn previously approved these changes Jun 11, 2018
View reviewed changes
@jefferai
Copy link
Member

@vishalnayak It's not unnecessary. I'd leave it up above. If it's already allocated the below check will skip, but it provides a measure of safety in case the intervening code modifies it (say, from the bound cidr code) without checking to see if it's nil or not.

@vishalnayak vishalnayak merged commit 0c83eae into master Jun 11, 2018
@vishalnayak vishalnayak deleted the approle-metadata-fix branch June 11, 2018 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jefferai jefferai jefferai left review comments

@calvn calvn calvn left review comments

@chrishoffman chrishoffman Awaiting requested review from chrishoffman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.3
Development

Successfully merging this pull request may close these issues.
3 participants
@vishalnayak @calvn @jefferai