Address a nil panic when writing an empty POST request to the ocsp handler (#18184)
* Address a nil panic when writing an empty POST request to the ocsp handler - Seems when no JSON body is sent with a POST request Vault will not populate the HTTPRequest member variable which caused the nil panic - vault write -force pki/ocsp - Add a check for it and the Body member variable to be nil before use. * Add cl
This commit is contained in:
Steven Clark
GitHub
parent
05aeab2752
commit
826e87884e
|
|
@ -218,7 +218,15 @@ func fetchDerEncodedRequest(request *logical.Request, data *framework.FieldData)
|
||||||
return base64.StdEncoding.DecodeString(base64Req)
|
return base64.StdEncoding.DecodeString(base64Req)
|
||||||
case logical.UpdateOperation:
|
case logical.UpdateOperation:
|
||||||
// POST bodies should contain the binary form of the DER request.
|
// POST bodies should contain the binary form of the DER request.
|
||||||
|
// NOTE: Writing an empty update request to Vault causes a nil request.HTTPRequest, and that object
|
||||||
|
// says that it is possible for its Body element to be nil as well, so check both just in case.
|
||||||
|
if request.HTTPRequest == nil {
|
||||||
|
return nil, errors.New("no data in request")
|
||||||
|
}
|
||||||
rawBody := request.HTTPRequest.Body
|
rawBody := request.HTTPRequest.Body
|
||||||
|
if rawBody == nil {
|
||||||
|
return nil, errors.New("no data in request body")
|
||||||
|
}
|
||||||
defer rawBody.Close()
|
defer rawBody.Close()
|
||||||
|
|
||||||
requestBytes, err := io.ReadAll(io.LimitReader(rawBody, maximumRequestSize))
|
requestBytes, err := io.ReadAll(io.LimitReader(rawBody, maximumRequestSize))
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
secrets/pki: Address nil panic when an empty POST request is sent to the OCSP handler
|
||||||
|
```
|
||||||
Loading…
Reference in New Issue