From 48987ce052db7d7c5d8e76200237d0b52048d7c1 Mon Sep 17 00:00:00 2001 From: Tom Proctor Date: Wed, 30 Nov 2022 17:59:05 +0000 Subject: [PATCH] Add stack trace to audit logging panic recovery (#18121) --- changelog/18121.txt | 3 +++ vault/audit_broker.go | 5 +++-- vault/request_forwarding_rpc.go | 8 ++------ 3 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 changelog/18121.txt diff --git a/changelog/18121.txt b/changelog/18121.txt new file mode 100644 index 000000000..e16224785 --- /dev/null +++ b/changelog/18121.txt @@ -0,0 +1,3 @@ +```release-note:improvement +audit: Include stack trace when audit logging recovers from a panic. +``` diff --git a/vault/audit_broker.go b/vault/audit_broker.go index 7389cb568..7559a5e68 100644 --- a/vault/audit_broker.go +++ b/vault/audit_broker.go @@ -3,6 +3,7 @@ package vault import ( "context" "fmt" + "runtime/debug" "sync" "time" @@ -105,7 +106,7 @@ func (a *AuditBroker) LogRequest(ctx context.Context, in *logical.LogInput, head defer func() { if r := recover(); r != nil { - a.logger.Error("panic during logging", "request_path", in.Request.Path, "error", r) + a.logger.Error("panic during logging", "request_path", in.Request.Path, "error", r, "stacktrace", string(debug.Stack())) retErr = multierror.Append(retErr, fmt.Errorf("panic generating audit log")) } @@ -176,7 +177,7 @@ func (a *AuditBroker) LogResponse(ctx context.Context, in *logical.LogInput, hea defer func() { if r := recover(); r != nil { - a.logger.Error("panic during logging", "request_path", in.Request.Path, "error", r) + a.logger.Error("panic during logging", "request_path", in.Request.Path, "error", r, "stacktrace", string(debug.Stack())) retErr = multierror.Append(retErr, fmt.Errorf("panic generating audit log")) } diff --git a/vault/request_forwarding_rpc.go b/vault/request_forwarding_rpc.go index 281d9192b..42e4bb462 100644 --- a/vault/request_forwarding_rpc.go +++ b/vault/request_forwarding_rpc.go @@ -4,7 +4,7 @@ import ( "context" "net/http" "os" - "runtime" + "runtime/debug" "sync/atomic" "time" @@ -41,12 +41,8 @@ func (s *forwardedRequestRPCServer) ForwardRequest(ctx context.Context, freq *fo runRequest := func() { defer func() { - // Logic here comes mostly from the Go source code if err := recover(); err != nil { - const size = 64 << 10 - buf := make([]byte, size) - buf = buf[:runtime.Stack(buf, false)] - s.core.logger.Error("panic serving forwarded request", "path", req.URL.Path, "error", err, "stacktrace", string(buf)) + s.core.logger.Error("panic serving forwarded request", "path", req.URL.Path, "error", err, "stacktrace", string(debug.Stack())) } }() s.handler.ServeHTTP(w, req)