cmd, db: verify at least one secret is passed to --key-secrets

Passing an empty list to the overlord or worker's --key-secrets
flag currently causes an out of range panic. Always check to ensure
there's at least one element passed.

Fixes #130
Fixes #217
This commit is contained in:
Eric Chiang 2015-12-16 17:11:23 -08:00
parent bf13c3bc37
commit 49389c9b90
4 changed files with 15 additions and 1 deletions

View file

@ -72,6 +72,10 @@ func main() {
log.Fatalf("Unable to use --admin-listen flag: %v", err) log.Fatalf("Unable to use --admin-listen flag: %v", err)
} }
if len(keySecrets.BytesSlice()) == 0 {
log.Fatalf("Must specify at least one key secret")
}
dbCfg := db.Config{ dbCfg := db.Config{
DSN: *dbURL, DSN: *dbURL,
MaxIdleConnections: 1, MaxIdleConnections: 1,

View file

@ -135,6 +135,9 @@ func main() {
UsersFile: *users, UsersFile: *users,
} }
} else { } else {
if len(keySecrets.BytesSlice()) == 0 {
log.Fatalf("Must specify at least one key secret")
}
if *dbMaxIdleConns == 0 { if *dbMaxIdleConns == 0 {
log.Warning("Running with no limit on: database idle connections") log.Warning("Running with no limit on: database idle connections")
} }

View file

@ -90,6 +90,9 @@ type privateKeySetBlob struct {
} }
func NewPrivateKeySetRepo(dbm *gorp.DbMap, useOldFormat bool, secrets ...[]byte) (*PrivateKeySetRepo, error) { func NewPrivateKeySetRepo(dbm *gorp.DbMap, useOldFormat bool, secrets ...[]byte) (*PrivateKeySetRepo, error) {
if len(secrets) == 0 {
return nil, errors.New("must provide at least one key secret")
}
for i, secret := range secrets { for i, secret := range secrets {
if len(secret) != 32 { if len(secret) != 32 {
return nil, fmt.Errorf("key secret %d: expected 32-byte secret", i) return nil, fmt.Errorf("key secret %d: expected 32-byte secret", i)

View file

@ -7,6 +7,10 @@ import (
func TestNewPrivateKeySetRepoInvalidKey(t *testing.T) { func TestNewPrivateKeySetRepoInvalidKey(t *testing.T) {
_, err := NewPrivateKeySetRepo(nil, false, []byte("sharks")) _, err := NewPrivateKeySetRepo(nil, false, []byte("sharks"))
if err == nil { if err == nil {
t.Fatalf("Expected non-nil error") t.Errorf("Expected non-nil error for key secret that was not 32 bytes")
}
_, err = NewPrivateKeySetRepo(nil, false)
if err == nil {
t.Fatalf("Expected non-nil error when creating repo with no key secrets")
} }
} }