Internal Server Error when access is granted with deploy-key #17412

Closed
rogue73 opened this issue Oct 23, 2021 · 5 comments · Fixed by #17434
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change type/bug

rogue73 commented Oct 23, 2021

Gitea Version

1.15.5

Git Version

2.20.1

Operating System

Debian 10

How are you running Gitea?

pre-build binary gitea-1.15.5-linux-amd64

Database

SQLite

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

After the update from 1.15.4 to 1.15.5 I noticed that access to the repository with SSH and SSH keys configured in
Settings -> Deploy Keys
returns an Internal Server Error

Log (git client)
git clone --single-branch --branch master git@myserver:myuser/giteatest.git /tmp/test
Cloning into '/tmp/test'...
Warning: Permanently added 'myserver,myip' (ECDSA) to the list of known hosts.
Gitea: Internal Server Error
Gitea: Internal Server Error
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Log from gitea:

Oct 23 14:41:42 gitea[13029]: 2021/10/23 14:41:42 Started GET /api/internal/serv/command/13/myuser/giteatest?mode=1&verb=git-upload-pack for [::1]:47392
Oct 23 14:41:42 gitea[13029]: 2021/10/23 14:41:42 Completed GET /api/internal/serv/command/13/myuser/giteatest?mode=1&verb=git-upload-pack 500 Internal Server Error in 2.907278ms
Oct 23 14:41:42 gitea[13029]: 2021/10/23 14:41:42 Started POST /api/internal/ssh/log for [::1]:47394
Oct 23 14:41:42 gitea[13029]: 2021/10/23 14:41:42 Completed POST /api/internal/ssh/log 200 OK in 141.16µs

If I add the same SSH key to my user profile instead of putting it in the deploy keys, it is possible to clone this repository.

BR
Stefan

Screenshots

No response

lunny (Member) commented Oct 23, 2021

Could you change RUN_MODE=dev, restart Gitea and give the detailed log?

rogue73 (Author) commented Oct 23, 2021

In dev mode I get the same four lines in the Gitea journal

Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 cmd/web.go:102:runWeb() [I] Starting Gitea on PID: 15209
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 cmd/web.go:146:runWeb() [I] Global init
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:74:GlobalInit() [I] Git Version: 2.20.1, Wire Protocol Version 2 Enabled
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:77:GlobalInit() [I] AppPath: /usr/local/bin/gitea
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:78:GlobalInit() [I] AppWorkPath: /var/lib/gitea
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:79:GlobalInit() [I] Custom path: /var/lib/gitea/custom
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:80:GlobalInit() [I] Log path: /var/lib/gitea/log
Oct 23 15:33:57  gitea[15209]: 2021/10/23 15:33:57 routers/init.go:81:GlobalInit() [I] Run Mode: Dev
Oct 23 15:34:01  gitea[15209]: 2021/10/23 15:34:01 Started GET /user/events for 127.0.0.1:58320
**Oct 23 15:34:08  gitea[15209]: 2021/10/23 15:34:08 Started GET /api/internal/serv/command/13/myuser/giteatest?mode=1&verb=git-upload-pack for [::1]:48752
Oct 23 15:34:08  gitea[15209]: 2021/10/23 15:34:08 Completed GET /api/internal/serv/command/13/myuser/giteatest?mode=1&verb=git-upload-pack 500 Internal Server Error in 3.577164ms
Oct 23 15:34:08  gitea[15209]: 2021/10/23 15:34:08 Started POST /api/internal/ssh/log for [::1]:48754
Oct 23 15:34:08  gitea[15209]: 2021/10/23 15:34:08 Completed POST /api/internal/ssh/log 200 OK in 213.226µs**

The git client gives me a little bit more information

git clone --single-branch --branch master git@myserver:myuser/giteatest.git /tmp/test
Cloning into '/tmp/test'...
Warning: Permanently added '' (ECDSA) to the list of known hosts.
**Gitea: Internal Server Error
readObjectStart: expect { or n, but found P, error found in #1 byte of ...|PANIC: runt|..., bigger context ...|PANIC: runtime error: invalid memory address or nil|...**
Gitea: Internal Server Error
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

And here is the matching part of gitea.log file

2021/10/23 15:33:57 cmd/web.go:196:listen() [I] Listen: http://0.0.0.0:3000
2021/10/23 15:33:57 cmd/web.go:199:listen() [I] LFS server enabled
2021/10/23 15:33:57 ...s/graceful/server.go:62:NewServer() [I] Starting new Web server: tcp:0.0.0.0:3000 on PID: 15209
2021/10/23 15:34:01 models/user.go:1370:getUserByID() [I] [SQL] SELECT `id`, `lower_name`, `name`, `full_name`, `email`, `keep_email_private`, `email_notifications_preference`, `passwd`, `passwd_hash_algo`, `must_change_password`, `login_type`, `login_source`, `login_name`, `type`, `location`, `website`, `rands`, `salt`, `language`, `description`, `created_unix`, `updated_unix`, `last_login_unix`, `last_repo_visibility`, `max_repo_creation`, `is_active`, `is_admin`, `is_restricted`, `allow_git_hook`, `allow_import_local`, `allow_create_organization`, `prohibit_login`, `avatar`, `avatar_email`, `use_custom_avatar`, `num_followers`, `num_following`, `num_stars`, `num_repos`, `num_teams`, `num_members`, `visibility`, `repo_admin_change_team_access`, `diff_view_style`, `theme`, `keep_activity_private` FROM `user` WHERE `id`=? LIMIT 1 [2] - 188.589µs
2021/10/23 15:34:01 ...s/issue_stopwatch.go:73:hasUserStopwatch() [I] [SQL] SELECT `id`, `issue_id`, `user_id`, `created_unix` FROM `stopwatch` WHERE (user_id = ?) LIMIT 1 [2] - 68.139µs
2021/10/23 15:34:07 ...dels/notification.go:739:GetUIDsAndNotificationCounts() [I] [SQL] SELECT user_id, count(*) AS count FROM notification WHERE user_id IN (SELECT user_id FROM notification WHERE updated_unix >= ? AND updated_unix < ?) AND status = ? GROUP BY user_id [1634996035 1634996045 1] - 328.582µs
2021/10/23 15:34:08 ...rm.io/xorm/engine.go:1139:Get() [I] [SQL] SELECT `id`, `lower_name`, `name`, `full_name`, `email`, `keep_email_private`, `email_notifications_preference`, `passwd`, `passwd_hash_algo`, `must_change_password`, `login_type`, `login_source`, `login_name`, `type`, `location`, `website`, `rands`, `salt`, `language`, `description`, `created_unix`, `updated_unix`, `last_login_unix`, `last_repo_visibility`, `max_repo_creation`, `is_active`, `is_admin`, `is_restricted`, `allow_git_hook`, `allow_import_local`, `allow_create_organization`, `prohibit_login`, `avatar`, `avatar_email`, `use_custom_avatar`, `num_followers`, `num_following`, `num_stars`, `num_repos`, `num_teams`, `num_members`, `visibility`, `repo_admin_change_team_access`, `diff_view_style`, `theme`, `keep_activity_private` FROM `user` WHERE `lower_name`=? LIMIT 1 [myuser] - 265.962µs
2021/10/23 15:34:08 ...rm.io/xorm/engine.go:1139:Get() [I] [SQL] SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `num_projects`, `num_closed_projects`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `trust_model`, `avatar`, `created_unix`, `updated_unix` FROM `repository` WHERE `owner_id`=? AND `lower_name`=? LIMIT 1 [2 giteatest] - 132.602µs
2021/10/23 15:34:08 models/ssh_key.go:564:GetPublicKeyByID() [I] [SQL] SELECT `id`, `owner_id`, `name`, `fingerprint`, `content`, `mode`, `type`, `login_source_id`, `created_unix`, `updated_unix` FROM `public_key` WHERE `id`=? LIMIT 1 [13] - 88.815µs
2021/10/23 15:34:08 ...rm.io/xorm/engine.go:1139:Get() [I] [SQL] SELECT `id`, `key_id`, `repo_id`, `name`, `fingerprint`, `mode`, `created_unix`, `updated_unix` FROM `deploy_key` WHERE `key_id`=? AND `repo_id`=? LIMIT 1 [13 64] - 45.968µs
2021/10/23 15:34:08 ...common/middleware.go:64:1() [E] PANIC: runtime error: invalid memory address or nil pointer dereference
        /usr/local/go/src/runtime/panic.go:212 (0x43e13a)
        /usr/local/go/src/runtime/signal_unix.go:734 (0x458112)
        /source/routers/private/serv.go:285 (0x21aed4d)
        /source/modules/web/route.go:76 (0x203389b)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/go-chi/chi/mux.go:436 (0x16f6fca)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/routers/private/internal.go:31 (0x21b0f24)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/modules/context/private.go:42 (0x17196ef)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/go-chi/chi/mux.go:70 (0x16f4b2a)
        /source/vendor/github.com/go-chi/chi/mux.go:311 (0x16faf1b)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/go-chi/chi/mux.go:436 (0x16f6fca)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/routers/common/middleware.go:72 (0x205bb1d)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/routers/common/logger.go:23 (0x205ad5b)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/go-chi/chi/middleware/strip.go:30 (0x2057947)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/chi-middleware/proxy/middleware.go:37 (0x2052fae)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/routers/common/middleware.go:25 (0x205b65c)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /source/vendor/github.com/go-chi/chi/mux.go:87 (0x16f48b0)
        /source/modules/web/route.go:318 (0x2032c13)
        /source/vendor/github.com/gorilla/context/context.go:141 (0x120c2b3)
        /usr/local/go/src/net/http/server.go:2049 (0x7bd1c3)
        /usr/local/go/src/net/http/server.go:2867 (0x7c0782)
        /usr/local/go/src/net/http/server.go:1932 (0x7bbcac)
        /usr/local/go/src/runtime/asm_amd64.s:1371 (0x47aa80)
        
2021/10/23 15:34:11 ...s/issue_stopwatch.go:51:GetUserStopwatches() [I] [SQL] SELECT `id`, `issue_id`, `user_id`, `created_unix` FROM `stopwatch` WHERE (stopwatch.user_id = ?) [2] - 255.383µs
2021/10/23 15:34:17 ...dels/notification.go:739:GetUIDsAndNotificationCounts() [I] [SQL] SELECT user_id, count(*) AS count FROM notification WHERE user_id IN (SELECT user_id FROM notification WHERE updated_unix >= ? AND updated_unix < ?) AND status = ? GROUP BY user_id [1634996045 1634996055 1] - 231.37µs

wxiaoguang (Contributor) commented Oct 24, 2021

The crash was introduced by #17373 (Ensure correct SSH permissions check for private and restricted users); the code at routers/private/serv.go:285 is user.IsRestricted.

When checking with a deploy key, the user seems to be nil.

@wxiaoguang wxiaoguang added type/bug issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented labels Oct 24, 2021
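
The failure mode described in the comment above (a restricted-user check that dereferences a user which is nil for deploy keys), as an added Go example that is neither Gitea's code nor part of the thread. The types and the functions `gateUnguarded`, `gateGuarded` and `authorize` are hypothetical, and the repository ID is a constructed value echoing the log.

```go
package main

import "fmt"

// Hypothetical, simplified model of an SSH access check; not Gitea's code.
type User struct{ IsRestricted bool }

type Key struct {
	Deploy bool  // true for a repository deploy key
	Owner  *User // nil for deploy keys: no user account stands behind them
	RepoID int64 // repository a deploy key is bound to
}

type Repo struct {
	ID      int64
	Private bool
}

// gate decides whether an explicit permission check is required.
type gate func(u *User, r Repo) bool

// gateUnguarded dereferences u without asking whether the key has a user.
func gateUnguarded(u *User, r Repo) bool { return u.IsRestricted || r.Private }

// gateGuarded treats a missing user as "not a restricted user".
func gateGuarded(u *User, r Repo) bool { return (u != nil && u.IsRestricted) || r.Private }

// authorize reports whether read access is allowed. The deferred recover
// stands in for recovery middleware that turns a panic into a 500 response.
func authorize(g gate, k Key, r Repo) (ok bool, err error) {
	defer func() {
		if p := recover(); p != nil {
			ok, err = false, fmt.Errorf("PANIC: %v", p)
		}
	}()
	if !g(k.Owner, r) {
		return true, nil // public repo, unrestricted principal
	}
	if k.Deploy {
		return k.RepoID == r.ID, nil // a deploy key is valid only for its own repo
	}
	return !k.Owner.IsRestricted, nil // stand-in for a real per-user permission lookup
}

func main() {
	repo := Repo{ID: 64}                    // constructed sample values
	deploy := Key{Deploy: true, RepoID: 64} // Owner stays nil
	fmt.Println(authorize(gateUnguarded, deploy, repo))
	fmt.Println(authorize(gateGuarded, deploy, repo))
}
```

A regression test for a check like this needs one case per key type, since the user-key path never exercises the nil owner.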
zeripath (Contributor) commented

damn! Sorry!

zeripath added a commit to zeripath/gitea that referenced this issue Oct 25, 2021
Unfortunately there was a regression in go-gitea#17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix go-gitea#17412

Signed-off-by: Andrew Thornton <[email protected]>
zeripath added a commit to zeripath/gitea that referenced this issue Oct 25, 2021
Backport go-gitea#17434

Unfortunately there was a regression in go-gitea#17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix go-gitea#17412

Signed-off-by: Andrew Thornton <[email protected]>
6543 pushed a commit that referenced this issue Oct 25, 2021
Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <[email protected]>
6543 pushed a commit that referenced this issue Oct 25, 2021
Backport #17434

Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <[email protected]>
tik-stbuehler commented

This is a rather major regression. Can we get a quick bugfix release for that please?

I had to downgrade to 1.15.4, but 1.15.5 / #17373 are security relevant too...

Chianina pushed a commit to Chianina/gitea that referenced this issue Mar 28, 2022
Unfortunately there was a regression in go-gitea#17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix go-gitea#17412

Signed-off-by: Andrew Thornton <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022