Fix null token type bug (#13236)

* Fixed null token panic from 'v1/auth/token/' endpoints and returned proper error response * Fixed panic resulting from null token_type in /auth/token/roles/{role_name} to returne proper error response * added changelog entry for PR #13236 * edit changelog entry for PR #13236
2021-12-06 09:38:53 -08:00 · 2021-12-06 09:38:53 -08:00 · bcd29f2b68
parent b59f8b8b4c
commit bcd29f2b68
3 changed files with 9 additions and 0 deletions
--- a/changelog/13236.txt
+++ b/changelog/13236.txt
@ -0,0 +1,3 @@
+```release-note:bug
+core/token: Fix null token_type panic resulting from 'v1/auth/token/roles/{role_name}' endpoint
+```
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -543,6 +543,9 @@ func (c *Core) handleCancelableRequest(ctx context.Context, req *logical.Request
 				}
 				break
 			}
+			if token == nil {
+				return logical.ErrorResponse("bad token"), logical.ErrPermissionDenied
+			}
 			_, nsID := namespace.SplitIDFromString(token.(string))
 			if nsID != "" {
 				ns, err := NamespaceByID(ctx, nsID, c)
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -3348,6 +3348,9 @@ func (ts *TokenStore) tokenStoreRoleCreateUpdate(ctx context.Context, req *logic
 	oldEntryTokenType := entry.TokenType
 	if tokenTypeRaw, ok := data.Raw["token_type"]; ok {
 		tokenTypeStr = new(string)
+		if tokenTypeRaw == nil {
+			return logical.ErrorResponse("Invalid 'token_type' value: null"), nil
+		}
 		*tokenTypeStr = tokenTypeRaw.(string)
 		delete(data.Raw, "token_type")
 		entry.TokenType = logical.TokenTypeDefault