This repository has been archived by the owner on Dec 15, 2020. It is now read-only.

Improper error handling for parsing of certificate PEM in fleetctl #2338

Open
zwass opened this issue Oct 23, 2020 · 3 comments

@zwass
Contributor

zwass commented Oct 23, 2020

In https://github.com/kolide/fleet/blob/master/server/service/client.go#L53 we use errors.Wrap inside a statement that returns only a bool error status. errors.Wrap returns nil if the provided error is nil. If execution has made it to this point, the err variable is certain to be nil.

The function returns nil, nil, leading to a segfault later when the client is used.
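The failure mode described in the comment above, as an added Go example that is not part of the original issue or the fleet code base. `Client`, `wrap`, `newClientBuggy` and `newClientFixed` are hypothetical names; `wrap` stands in for `errors.Wrap` from github.com/pkg/errors so the block runs with the standard library only, and the use of `x509.CertPool.AppendCertsFromPEM` as the bool-returning call is an assumption.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
)

// Client is a hypothetical stand-in for the API client used by fleetctl.
type Client struct{ rootCAs *x509.CertPool }

// wrap mimics pkg/errors.Wrap: a nil error stays nil, whatever the message.
func wrap(err error, msg string) error {
	if err == nil {
		return nil
	}
	return fmt.Errorf("%s: %w", msg, err)
}

// newClientBuggy wraps a stale, nil err in a branch guarded only by a bool,
// so a PEM that fails to parse yields (nil, nil).
func newClientBuggy(pem []byte) (*Client, error) {
	var err error // earlier calls succeeded, so err is nil here
	pool := x509.NewCertPool()
	if ok := pool.AppendCertsFromPEM(pem); !ok {
		return nil, wrap(err, "appending root CA") // wrap(nil, ...) == nil
	}
	return &Client{rootCAs: pool}, nil
}

// newClientFixed creates a fresh error when the bool reports failure.
func newClientFixed(pem []byte) (*Client, error) {
	pool := x509.NewCertPool()
	if ok := pool.AppendCertsFromPEM(pem); !ok {
		return nil, errors.New("no valid certificates found in root CA PEM")
	}
	return &Client{rootCAs: pool}, nil
}

func main() {
	bad := []byte("not a PEM certificate") // constructed sample input
	c, err := newClientBuggy(bad)
	fmt.Printf("buggy: client=%v err=%v\n", c, err)
	c, err = newClientFixed(bad)
	fmt.Printf("fixed: client=%v err=%v\n", c, err)
}
```

A caller that checks only `err != nil` accepts the buggy result and later dereferences the nil `*Client`.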

@zwass
Contributor Author

zwass commented Oct 23, 2020

Theory is that this is the cause of Slack user @Miguel's issue in https://osquery.slack.com/archives/C1XCLA5DZ/p1603363866247800

[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xa4d1c9]
goroutine 1 [running]:
github.com/kolide/fleet/server/service.(*Client).url(...)
        /Users/zwass/dev/fleet/server/service/client.go:128
github.com/kolide/fleet/server/service.(*Client).doWithHeaders(0x0, 0xc0c65a, 0x4, 0xc1934b, 0x14, 0xb7a320, 0xc000440000, 0xc00033c780, 0x5, 0x2000, ...)
        /Users/zwass/dev/fleet/server/service/client.go:87 +0x69
github.com/kolide/fleet/server/service.(*Client).Do(0x0, 0xc0c65a, 0x4, 0xc1934b, 0x14, 0xb7a320, 0xc000440000, 0x4824fc, 0x18205e0, 0xc0000f2280)
        /Users/zwass/dev/fleet/server/service/client.go:106 +0x19b
github.com/kolide/fleet/server/service.(*Client).Login(0x0, 0x10b6aa8, 0x1, 0x10b6aa8, 0x1, 0x0, 0x0, 0x0, 0x0)
        /Users/zwass/dev/fleet/server/service/client_sessions.go:18 +0xfe
main.loginCommand.func1(0xc0000cef20, 0x0, 0xc0000cef20)
        /Users/zwass/dev/fleet/cmd/fleetctl/login.go:70 +0xc6
github.com/urfave/cli.HandleAction(0xb1f700, 0xc0001eafa0, 0xc0000cef20, 0xc0000a9800, 0x0)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:490 +0x82
github.com/urfave/cli.Command.Run(0xc0d5c9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1a218, 0x15, 0xc3dc2d, ...)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/command.go:210 +0x9fb
github.com/urfave/cli.(*App).Run(0xc000204b60, 0xc00009a020, 0x2, 0x2, 0x0, 0x0)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:255 +0x768
github.com/urfave/cli.(*App).RunAndExitOnError(0xc000204b60)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:276 +0x53
main.main()
        /Users/zwass/dev/fleet/cmd/fleetctl/fleetctl.go:44 +0x828

@zwass
Contributor Author

zwass commented Oct 23, 2020

User confirmed that changing the RootCA configuration fixed the segfault.

Fixing this error handling should prevent others from seeing segfaults under similar circumstances.

@noahtalerman
Contributor

Steps to reproduce. More from Miguel's issue:

I have Kolide Fleet 3.2.0 installed on CentOS 7.8.2003:

fleetctl - version 3.2.0
  branch:       master
  revision:     07534c766beb7bf9a022d29572d88493ecef8f7c
  build date:   2020-10-08T19:25:24Z
  build user:   zwass
  go version:   go1.15
fleet version
fleet version 3.2.0

From the same server run:
fleetctl login
