Fix panic when logging in to userpass without a valid user (#7160)

Jeff Mitchell 2019-07-22 12:27:28 -04:00 committed by GitHub
parent 3b22ab2486
commit 2f41018df8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -64,11 +64,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
// Get the user and validate auth // Get the user and validate auth
user, userError := b.user(ctx, req.Storage, username) user, userError := b.user(ctx, req.Storage, username)
// Check for a CIDR match.
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
return nil, logical.ErrPermissionDenied
}
var userPassword []byte var userPassword []byte
var legacyPassword bool var legacyPassword bool
// If there was an error or it's nil, we fake a password for the bcrypt // If there was an error or it's nil, we fake a password for the bcrypt
@ -108,6 +103,11 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
return logical.ErrorResponse("invalid username or password"), nil return logical.ErrorResponse("invalid username or password"), nil
} }
// Check for a CIDR match.
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
return nil, logical.ErrPermissionDenied
}
auth := &logical.Auth{ auth := &logical.Auth{
Metadata: map[string]string{ Metadata: map[string]string{
"username": username, "username": username,
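Review bot: The relocated CIDR check in the second hunk still dereferences `req.Connection.RemoteAddr` without a nil check, so a request that arrives with no connection information would presumably panic much as the missing user did; a guard such as `if len(user.TokenBoundCIDRs) > 0 && req.Connection == nil { return nil, logical.ErrPermissionDenied }` placed ahead of it would fail closed. The move also means the check runs only after the password comparison, so a client outside the bound CIDRs appears to receive `ErrPermissionDenied` for a correct password and "invalid username or password" for a wrong one, which lets it confirm a guessed password. A comment recording that this ordering is intentional, or a uniform response for both cases, would help. The nil/error handling for `user` that makes `user.TokenBoundCIDRs` safe sits between the two hunks and is not visible here, and pathLogin's body starts and ends outside both hunks.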