fix: check decrypt key to prevent lua thread aborted #2815
Conversation
|
@starsz Your git commit message should be "semantic": https://github.com/zeke/semantic-pull-requests |
starsz
force-pushed
the
fix_2791
branch
3 times, most recently
from
9e700e3
to
afacc0e
Compare
starsz
changed the title
Because the title is started with "WIP". Now it's fixed. |
starsz
changed the title
t/router/radixtree-sni.t
Outdated
| local core = require("apisix.core") | ||
| local t = require("lib.test_admin") | ||
|
|
||
| local ssl_cert = t.read_file("t/certs/miss_head.crt") |
There was a problem hiding this comment.
The ssl creation will be failed if #2816 is solved. You have to solve this case that time.
There was a problem hiding this comment.
Or add a TODO comment here.
There was a problem hiding this comment.
Add TODO comment and I will solve this case in SSL certificate check PR.
t/certs/miss_head.crt
Outdated
| @@ -0,0 +1,25 @@ | |||
| MIIEojCCAwqgAwIBAgIJAK253pMhgCkxMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV | |||
There was a problem hiding this comment.
You don't have to introduce yet another bad cert and key just for mimicking bad base64 decoded strings. Do it by literal strings.
apisix/ssl/router/radixtree_sni.lua
Outdated
| return decrypted | ||
| local decoded_key = ngx_decode_base64(key) | ||
| if not decoded_key then | ||
| core.log.error("base64 decode ssl key failed. key[", key, "] ") |
There was a problem hiding this comment.
Better to mention that we will skip the bad key in the error message.
apisix/ssl/router/radixtree_sni.lua
Outdated
| core.log.error("decrypt ssl key failed. key[", key, "] ") | ||
| local decrypted = iv:decrypt(decoded_key) | ||
| if not decrypted then | ||
| core.log.error("decrypt ssl key failed. key[", key, "] ") |
starsz
force-pushed
the
fix_2791
branch
2 times, most recently
from
05378b3
to
56aa1d6
Compare
What this PR does / why we need it:
Hi, I found that the decrypt function in
aes.luawill cause lua thread aborted if the key is nil.fix: #2791
Pre-submission checklist: