vault: guard against potentially missing keyring

2015-07-13 18:18:22 +10:00 · 2015-07-13 18:18:22 +10:00 · ef770e371a
parent 8a4d6487f4
commit ef770e371a
1 changed files with 6 additions and 0 deletions
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@ -236,6 +236,12 @@ func (b *AESGCMBarrier) ReloadKeyring() error {
 		return fmt.Errorf("failed to check for keyring: %v", err)
 	}

+	// Ensure that the keyring exists. This should never happen,
+	// and indicates something really bad has happened.
+	if out == nil {
+		return fmt.Errorf("keyring unexpectedly missing")
+	}
+
 	// Decrypt the barrier init key
 	plain, err := b.decrypt(gcm, out.Value)
 	if err != nil {