fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon kolide

Improper error handling for parsing of certificate PEM in fleetctl

Open zwass opened this issue 5 years ago • 3 comments

In https://github.com/kolide/fleet/blob/master/server/service/client.go#L53 we use errors.Wrap inside a statement that returns only a bool error status. errors.Wrap returns nil if the provided error is nil. If execution has made it to this point, the err variable is certain to be nil.

The function returns nil, nil, leading to a segfault later when the client is used.

zwass avatar Oct 23 '20 17:10 zwass

Theory is that this is the cause of Slack user @Miguel's issue in https://osquery.slack.com/archives/C1XCLA5DZ/p1603363866247800

[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xa4d1c9]
goroutine 1 [running]:
github.com/kolide/fleet/server/service.(*Client).url(...)
        /Users/zwass/dev/fleet/server/service/client.go:128
github.com/kolide/fleet/server/service.(*Client).doWithHeaders(0x0, 0xc0c65a, 0x4, 0xc1934b, 0x14, 0xb7a320, 0xc000440000, 0xc00033c780, 0x5, 0x2000, ...)
        /Users/zwass/dev/fleet/server/service/client.go:87 +0x69
github.com/kolide/fleet/server/service.(*Client).Do(0x0, 0xc0c65a, 0x4, 0xc1934b, 0x14, 0xb7a320, 0xc000440000, 0x4824fc, 0x18205e0, 0xc0000f2280)
        /Users/zwass/dev/fleet/server/service/client.go:106 +0x19b
github.com/kolide/fleet/server/service.(*Client).Login(0x0, 0x10b6aa8, 0x1, 0x10b6aa8, 0x1, 0x0, 0x0, 0x0, 0x0)
        /Users/zwass/dev/fleet/server/service/client_sessions.go:18 +0xfe
main.loginCommand.func1(0xc0000cef20, 0x0, 0xc0000cef20)
        /Users/zwass/dev/fleet/cmd/fleetctl/login.go:70 +0xc6
github.com/urfave/cli.HandleAction(0xb1f700, 0xc0001eafa0, 0xc0000cef20, 0xc0000a9800, 0x0)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:490 +0x82
github.com/urfave/cli.Command.Run(0xc0d5c9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1a218, 0x15, 0xc3dc2d, ...)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/command.go:210 +0x9fb
github.com/urfave/cli.(*App).Run(0xc000204b60, 0xc00009a020, 0x2, 0x2, 0x0, 0x0)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:255 +0x768
github.com/urfave/cli.(*App).RunAndExitOnError(0xc000204b60)
        /Users/zwass/dev/go/pkg/mod/github.com/urfave/[email protected]/app.go:276 +0x53
main.main()
        /Users/zwass/dev/fleet/cmd/fleetctl/fleetctl.go:44 +0x828

zwass avatar Oct 23 '20 19:10 zwass

User confirmed that changing the RootCA configuration fixed the segfault.

Fixing this error handling should prevent others from seeing segfaults under similar circumstances.

zwass avatar Oct 23 '20 22:10 zwass

Steps to reproduce. More from Miguel's issue:

I have Kolide Fleet 3.2.0 installed on CentOS 7.8.2003:

fleetctl - version 3.2.0
  branch:       master
  revision:     07534c766beb7bf9a022d29572d88493ecef8f7c
  build date:   2020-10-08T19:25:24Z
  build user:   zwass
  go version:   go1.15
fleet version
fleet version 3.2.0

From the same server run: fleetctl login

noahtalerman avatar Oct 23 '20 23:10 noahtalerman