fix panic in `injectSANMatcher` when `tlsContext` is `nil` (#17185)

Eric Haberkorn 2023-04-28 16:27:57 -04:00 committed by GitHub
parent e1cff98a8f
commit 47a7e52098
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions

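--- a/.changelog/17185.txt
+++ b/.changelog/17185.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+xds: Fix possible panic that can when generating clusters before the root certificates have been fetched.
+```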


@ -1427,6 +1427,10 @@ func (s *ResourceGenerator) makeExportedUpstreamClustersForMeshGateway(cfgSnap *
// injectSANMatcher updates a TLS context so that it verifies the upstream SAN. // injectSANMatcher updates a TLS context so that it verifies the upstream SAN.
func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings ...string) error { func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings ...string) error {
if tlsContext == nil {
return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext not to be nil")
}
validationCtx, ok := tlsContext.ValidationContextType.(*envoy_tls_v3.CommonTlsContext_ValidationContext) validationCtx, ok := tlsContext.ValidationContextType.(*envoy_tls_v3.CommonTlsContext_ValidationContext)
if !ok { if !ok {
return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext, got %T", return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext, got %T",