vault-agent: copy values retrieved from bolt (#12534)

Byte slices returned from Bolt are only valid during a transaction, so
this makes a copy.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Theron Voran 2021-09-13 11:06:08 -07:00 committed by GitHub
parent f850ba08a5
commit ae0bda77b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 2 deletions

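--- a/changelog/12534.txt
+++ b/changelog/12534.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+agent: Avoid possible `unexpected fault address` panic when using persistent cache.
+```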


@ -219,7 +219,11 @@ func (b *BoltStorage) GetAutoAuthToken(ctx context.Context) ([]byte, error) {
if meta == nil { if meta == nil {
return fmt.Errorf("bucket %q not found", metaBucketName) return fmt.Errorf("bucket %q not found", metaBucketName)
} }
encryptedToken = meta.Get([]byte(AutoAuthToken)) value := meta.Get([]byte(AutoAuthToken))
if value != nil {
encryptedToken = make([]byte, len(value))
copy(encryptedToken, value)
}
return nil return nil
}) })
if err != nil { if err != nil {
@ -247,7 +251,11 @@ func (b *BoltStorage) GetRetrievalToken() ([]byte, error) {
if keyBucket == nil { if keyBucket == nil {
return fmt.Errorf("bucket %q not found", metaBucketName) return fmt.Errorf("bucket %q not found", metaBucketName)
} }
token = keyBucket.Get([]byte(RetrievalTokenMaterial)) value := keyBucket.Get([]byte(RetrievalTokenMaterial))
if value != nil {
token = make([]byte, len(value))
copy(token, value)
}
return nil return nil
}) })
if err != nil { if err != nil {
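Review bot: Neither copy carries a comment saying why it is needed, so the `make`/`copy` pair after `meta.Get` and `keyBucket.Get` reads like something a later cleanup could fold back into a direct assignment, which would bring back the fault on token material that outlives the transaction. I would add above each `value :=` line a comment such as `// Bolt-owned memory is only valid inside this transaction; copy before it escapes the closure.` The same three lines are now duplicated in both functions, so a small unexported helper that returns a copy of a bucket value would keep the two sites consistent. Other `Get` or cursor reads in this file are not visible here and are worth checking for values that escape their closure; both function bodies begin and end outside the hunks shown.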