Prevent panic caused by nil session recorder #10792

rosstimothy · 2022-03-03T15:35:38Z

In startInteractive the session recorder was being assigned the
return value of events.NewAuditWriter, even if it returned an
error. This causes problems because the nil *events.AuditWriter
that is returned in this case ends up being stored in recorder which
becomes a non-nil events.StreamWriter. So when the session tries
to close the check on recorder != nil is mistakenly true and recorder.Close
is called on a nil *events.AuditWriter - which results in a panic.

The same path in startExec handled this correctly, by assigning
the return value to the recorder only after checking the error. This
moves the common logic to create a session recorder used by startExec
and startInteractive into newRecorder. Both functions correctly check
the return value from newRecorder and only assign the session recorder
in the event the returned err == nil.

teleport[15368]: panic: runtime error: invalid memory address or nil pointer dereference
teleport[15368]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x100 pc=0x112968e]
teleport[15368]: goroutine 3890290 [running]:
teleport[15368]: github.com/gravitational/teleport/lib/events.(*AuditWriter).Close(0x0, {0x4, 0x4299365})
teleport[15368]:         /go/src/github.com/gravitational/teleport/lib/events/auditwriter.go:377 +0x2e
teleport[15368]: github.com/gravitational/teleport/lib/srv.(*session).Close.func1.1()
teleport[15368]:         /go/src/github.com/gravitational/teleport/lib/srv/sess.go:637 +0xbe
teleport[15368]: created by github.com/gravitational/teleport/lib/srv.(*session).Close.func1
teleport[15368]:         /go/src/github.com/gravitational/teleport/lib/srv/sess.go:631 +0x73
systemd[1]: teleport.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: teleport.service: Failed with result 'exit-code'.

In startInteractive the session recorder was being assigned the return value of events.NewAuditWriter, even if it returned an error. This causes problems because the nil *events.AuditWriter that is returned in this case ends up being stored in recorder as a non-nil events.StreamWriter. So when the session tries to close the check on recorder != nil is mistakenly true and recorder.Close is called on a nil *events.AuditWriter - which results in a panic.

lib/srv/sess_test.go

* Prevent panic caused by nil session recorder In startInteractive the session recorder was being assigned the return value of events.NewAuditWriter, even if it returned an error. This causes problems because the nil *events.AuditWriter that is returned in this case ends up being stored in recorder as a non-nil events.StreamWriter. So when the session tries to close the check on recorder != nil is mistakenly true and recorder.Close is called on a nil *events.AuditWriter - which results in a panic.

In startInteractive the session recorder was being assigned the return value of events.NewAuditWriter, even if it returned an error. This causes problems because the nil *events.AuditWriter that is returned in this case ends up being stored in recorder as a non-nil events.StreamWriter. So when the session tries to close the check on recorder != nil is mistakenly true and recorder.Close is called on a nil *events.AuditWriter - which results in a panic.

* Prevent panic caused by nil session recorder In startInteractive the session recorder was being assigned the return value of events.NewAuditWriter, even if it returned an error. This causes problems because the nil *events.AuditWriter that is returned in this case ends up being stored in recorder as a non-nil events.StreamWriter. So when the session tries to close the check on recorder != nil is mistakenly true and recorder.Close is called on a nil *events.AuditWriter - which results in a panic.

github-actions bot requested review from gabrielcorado and smallinsky March 3, 2022 15:36

rosstimothy force-pushed the tross/fix_audit_writer_panic branch from 28d7b4c to 317b9d0 Compare March 3, 2022 15:38

gabrielcorado approved these changes Mar 3, 2022

View reviewed changes

Merge branch 'master' into tross/fix_audit_writer_panic

c6d70d9

smallinsky approved these changes Mar 4, 2022

View reviewed changes

lib/srv/sess_test.go Outdated Show resolved Hide resolved

rosstimothy and others added 3 commits March 4, 2022 16:11

remove static type assertion

d1125d2

Merge branch 'master' into tross/fix_audit_writer_panic

54b9966

Merge branch 'master' into tross/fix_audit_writer_panic

e2eed14

rosstimothy merged commit d03087c into master Mar 4, 2022

rosstimothy deleted the tross/fix_audit_writer_panic branch March 4, 2022 22:00

rosstimothy mentioned this pull request Mar 4, 2022

[v9] Backport #10792 #10874

Merged

rosstimothy mentioned this pull request Mar 4, 2022

[V8] backport 10792 #10875

Merged

rosstimothy added the backport-required label Mar 4, 2022

rosstimothy mentioned this pull request Mar 4, 2022

[V7] backport 10792 #10876

Merged

webvictim mentioned this pull request Apr 19, 2022

opened in error #12068

Closed

webvictim mentioned this pull request Jun 8, 2022

Opened in error #13285

Closed

alexatcanva mentioned this pull request Oct 13, 2022

BUGFIX | Fix Teleport ALPN Proxy not being HTTP CONNECT Proxy Aware alexatcanva/teleport#30

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent panic caused by nil session recorder #10792

Prevent panic caused by nil session recorder #10792

rosstimothy commented Mar 3, 2022

Prevent panic caused by nil session recorder #10792

Prevent panic caused by nil session recorder #10792

Conversation

rosstimothy commented Mar 3, 2022