Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime error: invalid memory address or nil pointer dereference #4222

Closed
smitjainsj opened this issue Mar 30, 2018 · 2 comments
Closed

runtime error: invalid memory address or nil pointer dereference #4222

smitjainsj opened this issue Mar 30, 2018 · 2 comments
Milestone

Comments

@smitjainsj
Copy link

smitjainsj commented Mar 30, 2018

Environment:

  • Vault Version: 0.9.5
  • Operating System/Architecture: OEL 7.1, 7.2 / x86_64

Vault Config File:

storage "s3" {

access_key = "xxxxxxxxxx"
secret_key = "xxxxxxxxxxxxxxxxxxxx"
bucket = "vault-poc"
s3_force_path_style = "true"
endpoint = "http://xxxxxx.xxxx.xxxxx"
disable_ssl = "true"
region = "xxxxxx"

}

listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}

Startup Log Output:

Vault server configuration:

             Cgo: disabled
      Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
       Log Level: debug
           Mlock: supported: false, enabled: false
         Storage: s3
         Version: Vault v0.9.5
     Version Sha: 36edb4d42380d89a897e7f633046423240b710d9

==> Vault server started! Log data will stream in below:

2018/03/29 15:53:05.789456 [INFO ] core: security barrier not initialized
2018/03/29 15:53:06.876811 [INFO ] core: security barrier initialized: shares=1 threshold=1
2018-03-29 15:53:07.126404 I | http: panic serving 127.0.0.1:53339: runtime error: invalid memory address or nil pointer dereference
goroutine 60 [running]:
net/http.(*conn).serve.func1(0xc420426640)
/goroot/src/net/http/server.go:1697 +0xd0
panic(0x2b83920, 0x4129f90)
/goroot/src/runtime/panic.go:491 +0x283
github.com/hashicorp/vault/physical/s3.(*S3Backend).Get(0xc420584c90, 0x40c0bc0, 0xc4200140b0, 0x2f59e20, 0xc, 0x0, 0x0, 0x0)
/gopath/src/github.com/hashicorp/vault/physical/s3/s3.go:192 +0x2cd
github.com/hashicorp/vault/vault.(*sealUnwrapper).Get(0xc420583500, 0x40c0bc0, 0xc4200140b0, 0x2f59e20, 0xc, 0x0, 0x0, 0x0)
/gopath/src/github.com/hashicorp/vault/vault/sealunwrapper.go:66 +0x95
github.com/hashicorp/vault/physical.(*Cache).Get(0xc420185e00, 0x40c0bc0, 0xc4200140b0, 0x2f59e20, 0xc, 0x0, 0x0, 0x0)
/gopath/src/github.com/hashicorp/vault/physical/cache.go:110 +0x37f
github.com/hashicorp/vault/vault.(*AESGCMBarrier).Unseal(0xc4205716e0, 0x40c0bc0, 0xc4200140b0, 0xc42067f720, 0x20, 0x20, 0x0, 0x0)
/gopath/src/github.com/hashicorp/vault/vault/barrier_aes_gcm.go:336 +0x14f
github.com/hashicorp/vault/vault.(*Core).Initialize(0xc420564d80, 0x40c0bc0, 0xc4200140b0, 0xc4204f5a38, 0x0, 0x0, 0x0)
/gopath/src/github.com/hashicorp/vault/vault/init.go:153 +0xc1d
github.com/hashicorp/vault/http.handleSysInitPut(0xc420564d80, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/http/sys_init.go:105 +0x346
github.com/hashicorp/vault/http.handleSysInit.func1(0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/http/sys_init.go:20 +0x8f
net/http.HandlerFunc.ServeHTTP(0xc42062a3e0, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:1918 +0x44
net/http.(*ServeMux).ServeHTTP(0xc4205850b0, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:2254 +0x130
github.com/hashicorp/vault/http.wrapHelpHandler.func1(0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/http/help.go:22 +0x166
net/http.HandlerFunc.ServeHTTP(0xc4205792a0, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:1918 +0x44
github.com/hashicorp/vault/http.wrapCORSHandler.func1(0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/http/cors.go:32 +0x10a
net/http.HandlerFunc.ServeHTTP(0xc4205792c0, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:1918 +0x44
github.com/hashicorp/vault/http.wrapGenericHandler.func1(0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/http/handler.go:109 +0xb1
net/http.HandlerFunc.ServeHTTP(0xc4205792e0, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:1918 +0x44
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1(0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp/handlers.go:40 +0xcf
net/http.HandlerFunc.ServeHTTP(0xc420579300, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:1918 +0x44
net/http.serverHandler.ServeHTTP(0xc42057d380, 0x40bf3c0, 0xc42019e0e0, 0xc420176200)
/goroot/src/net/http/server.go:2619 +0xb4
net/http.(*conn).serve(0xc420426640, 0x40c0b80, 0xc4205c7880)
/goroot/src/net/http/server.go:1801 +0x71d
created by net/http.(*Server).Serve
/goroot/src/net/http/server.go:2720 +0x288

Expected Behavior:

The Vault should have generate the Keys normally as it should be.

Actual Behavior:

The Vault Application crashed while executing the command "vault operator init"

Steps to Reproduce:

Use the above mentioned config.hcl file with the vault 0.9.5 version.

Important Factoids:

References:

@jefferai
Copy link
Member

The issue is that the response from S3 is missing the Content-Length header. It is possible that the reason is that you need to adjust your CORS configuration -- see aws/aws-sdk-js#631

I can probably work around this by being less efficient about how the data is copied around.

jefferai added a commit that referenced this issue Mar 30, 2018
If the Content-Length header wasn't being sent back, the current
behavior could panic. It's unclear when it will not be sent; it appears
to be CORS dependent. But this works around it by not trying to
preallocate a buffer of a specific size and instead just read until EOF.

In addition I noticed that Close wasn't being called.
https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#GetObjectOutput
specifies that Body is an io.ReadCloser so I added a call to Close.

Fixes #4222
@jefferai jefferai added this to the 0.10 milestone Mar 30, 2018
jefferai added a commit that referenced this issue Mar 30, 2018
* Switch reading from S3 to io.Copy from io.ReadFull

If the Content-Length header wasn't being sent back, the current
behavior could panic. It's unclear when it will not be sent; it appears
to be CORS dependent. But this works around it by not trying to
preallocate a buffer of a specific size and instead just read until EOF.

In addition I noticed that Close wasn't being called.
https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#GetObjectOutput
specifies that Body is an io.ReadCloser so I added a call to Close.

Fixes #4222

* Add some extra efficiency
@smitjainsj
Copy link
Author

@jefferai thanks I will check the CORS settings on the bucket.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants