Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segfault on --help with --tlsverify if no ca certificate is present #1113

Closed
pvanagtmaal opened this issue Jun 6, 2018 · 3 comments
Closed
Labels

Comments

@pvanagtmaal
Copy link

pvanagtmaal commented Jun 6, 2018

BUG REPORT INFORMATION

Description

Docker segfaults when trying to list view the helptext (--help) when using tls verification without a CA certificate.

Steps to reproduce the issue:

  1. Make sure there is no ca.pem in $HOME/.docker/
  2. Execute docker --tlsverify --help

Describe the results you received:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x60 pc=0x8d8605]

goroutine 1 [running]:
github.com/docker/cli/vendor/github.com/docker/docker/client.(*Client).ClientVersion(0x0, 0x2507800, 0x0)
	/go/src/github.com/docker/cli/vendor/github.com/docker/docker/client/client.go:321 +0x5
main.areSubcommandsSupported(0xc42058a240, 0x24dc060, 0xc420101b80, 0x24ca720, 0xc4204b9440)
	/go/src/github.com/docker/cli/cmd/docker/docker.go:309 +0x60
main.isSupported(0xc42058a240, 0x24dc060, 0xc420101b80, 0x7ffe6135d7d0, 0x24ba280)
	/go/src/github.com/docker/cli/cmd/docker/docker.go:260 +0x43
main.setHelpFunc.func1(0xc42058a240, 0xc4200100a0, 0x2, 0x2)
	/go/src/github.com/docker/cli/cmd/docker/docker.go:90 +0x72
github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc42058a240, 0xc420455470, 0xc420455410, 0xc42000e200)
	/go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:790 +0x5bb
github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).Execute(0xc42058a240, 0xc42058a240, 0x24cef20)
	/go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:738 +0x2b
main.main()
	/go/src/github.com/docker/cli/cmd/docker/docker.go:162 +0xd0

Describe the results you expected:
The same warning you get when executing for example docker --tlsverify info without a ca.pem in $HOME/.docker/: could not read CA certificate "$HOME/.docker/ca.pem": open $HOME/.docker/ca.pem: no such file or directory

Additional information you deem important (e.g. issue happens only occasionally):
Tested on both Arch Linux and Debian Stretch

Output of docker version:
Arch Linux:

Client:
 Version:      18.05.0-ce
 API version:  1.37
 Go version:   go1.10.2
 Git commit:   f150324782
 Built:        Wed May 16 22:27:45 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.05.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.10.2
  Git commit:   f150324782
  Built:        Wed May 16 22:28:17 2018
  OS/Arch:      linux/amd64
  Experimental: false

Debian Stretch:

Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.9.5
 Git commit:   9ee9f40
 Built:        Thu Apr 26 07:17:14 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   9ee9f40
  Built:        Thu Apr 26 07:15:24 2018
  OS/Arch:      linux/amd64
  Experimental: false

Output of docker info:

Arch Linux:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 33
Server Version: 18.05.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.16.13-1-ARCH
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.698GiB
Name: <left out>
ID: DHWN:5OLZ:O6NU:FBTD:3XTA:PI2N:E3ON:N4NT:AI2Z:BSSV:JJS3:ETLW
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Debian Stretch:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.03.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-6-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 996.4MiB
Name: <left out>
ID: ABAF:EW3C:EAZP:LFMA:2KRF:4L2P:42U2:6TWF:ZN2D:NVQZ:SHVA:UH75
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):
Arch Linux on a physical device
Debian Stretch on a VPS

@silvin-lubecki
Copy link
Contributor

Thank you @pvanagtmaal for filling this bug report!
I can reproduce it on master.

@pvanagtmaal
Copy link
Author

Thanks 👍

P.S. I discovered the same happens with the --verbose flag as well, so docker --tlsverify --verbose.

@silvin-lubecki
Copy link
Contributor

Yep I spotted it too thank you 👍
They follow the same code path, so same result...

silvin-lubecki added a commit to silvin-lubecki/cli that referenced this issue Jun 8, 2018
…cate is present"

Errors were not checked while initializing the docker client in the help command

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
chris-crone pushed a commit to chris-crone/cli that referenced this issue Jun 11, 2018
…cate is present"

Errors were not checked while initializing the docker client in the help command

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit f4b0780)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants