You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/04/15 23:26:13 UTC

[GitHub] [trafficcontrol] rawlinp opened a new pull request #4638: Fix nil pointer dereference in sslkeys/add validation

rawlinp opened a new pull request #4638: Fix nil pointer dereference in sslkeys/add validation
URL: https://github.com/apache/trafficcontrol/pull/4638
 
 
   ## What does this PR (Pull Request) do?
   If a request does not contain a CSR _and_ `authType` is nil, TO will dereference the nil pointer and panic, causing it to return a 500 internal server error. This fixes the validation to check for a nil pointer and return a proper 400 bad request.
   
   - [x] This PR is not related to any Issue
   
   ## Which Traffic Control components are affected by this PR?
   
   - Traffic Ops
   
   ## What is the best way to verify this PR?
   Run the unit tests, verify they pass.
   
   Example `curl` request that would 500 before but should now 400:
   ```
   curl -kvs -H "$MOJO_COOKIE" -XPOST -d'{"key":"foo-ds","version":1,"certificate":{"crt":"","key":"","csr":""},"expiration":"0001-01-01T00:00:00Z","hostname":"*.foo-ds.mycdn.example.com","cdn":"foo-cdn","deliveryservice":"foo-ds"}' "https://<insert TO FQDN here>/api/2.0/deliveryservices/sslkeys/add"
   ```
   
   ## If this is a bug fix, what versions of Traffic Control are affected?
   
   - master
   
   ## The following criteria are ALL met by this PR
   
   - [x] This PR includes tests
   - [x] Bugfix, docs not necessary
   - [x] Bug was not released, so changelog is not necessary
   - [x] This PR includes any and all required license headers
   - [x] This PR does not include a database migration
   - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [trafficcontrol] mitchell852 merged pull request #4638: Fix nil pointer dereference in sslkeys/add validation

Posted by GitBox <gi...@apache.org>.

mitchell852 merged pull request #4638: Fix nil pointer dereference in sslkeys/add validation
URL: https://github.com/apache/trafficcontrol/pull/4638
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services