forked from mystiq/dex
cmd, db: verify at least one secret is passed to --key-secrets
Passing an empty list to the overlord or worker's --key-secrets flag currently causes an out of range panic. Always check to ensure there's at least one element passed. Fixes #130 Fixes #217
This commit is contained in:
parent
bf13c3bc37
commit
49389c9b90
4 changed files with 15 additions and 1 deletions
|
@ -72,6 +72,10 @@ func main() {
|
|||
log.Fatalf("Unable to use --admin-listen flag: %v", err)
|
||||
}
|
||||
|
||||
if len(keySecrets.BytesSlice()) == 0 {
|
||||
log.Fatalf("Must specify at least one key secret")
|
||||
}
|
||||
|
||||
dbCfg := db.Config{
|
||||
DSN: *dbURL,
|
||||
MaxIdleConnections: 1,
|
||||
|
|
|
@ -135,6 +135,9 @@ func main() {
|
|||
UsersFile: *users,
|
||||
}
|
||||
} else {
|
||||
if len(keySecrets.BytesSlice()) == 0 {
|
||||
log.Fatalf("Must specify at least one key secret")
|
||||
}
|
||||
if *dbMaxIdleConns == 0 {
|
||||
log.Warning("Running with no limit on: database idle connections")
|
||||
}
|
||||
|
|
|
@ -90,6 +90,9 @@ type privateKeySetBlob struct {
|
|||
}
|
||||
|
||||
func NewPrivateKeySetRepo(dbm *gorp.DbMap, useOldFormat bool, secrets ...[]byte) (*PrivateKeySetRepo, error) {
|
||||
if len(secrets) == 0 {
|
||||
return nil, errors.New("must provide at least one key secret")
|
||||
}
|
||||
for i, secret := range secrets {
|
||||
if len(secret) != 32 {
|
||||
return nil, fmt.Errorf("key secret %d: expected 32-byte secret", i)
|
||||
|
|
|
@ -7,6 +7,10 @@ import (
|
|||
func TestNewPrivateKeySetRepoInvalidKey(t *testing.T) {
|
||||
_, err := NewPrivateKeySetRepo(nil, false, []byte("sharks"))
|
||||
if err == nil {
|
||||
t.Fatalf("Expected non-nil error")
|
||||
t.Errorf("Expected non-nil error for key secret that was not 32 bytes")
|
||||
}
|
||||
_, err = NewPrivateKeySetRepo(nil, false)
|
||||
if err == nil {
|
||||
t.Fatalf("Expected non-nil error when creating repo with no key secrets")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue