Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

2easy · 2019-08-09T06:39:56Z

Describe the bug
After upgrade to 1.2.1 Vault is crashing when trying to authenticate with Radius server.

To Reproduce
Steps to reproduce the behavior:

Run vault auth enable radius
Run vault write auth/radius/config host=radius.internal dial_timeout=10 nas_port=10 port=1812 read_timeout=10 unregistered_user_policies="" secret=supersecret
Run echo -n "$PASSWORD-$TOKEN" | vault login -method=userpass -path=radius username=$VUSER password=-

Expected behavior
I should be able to log in via this enpoint as in previous version 1.0.3

Environment:

Vault Server Version (retrieve with vault status): 1.2.1
Vault CLI Version (retrieve with vault version): 1.2.1
Server Operating System/Architecture: Debian Stretch amd64

Vault server configuration file(s):

None

Additional context

2019-08-09T08:25:45.988+0200 [INFO]  http: panic serving 127.0.0.1:40002: runtime error: invalid memory address or nil pointer dereference
goroutine 714 [running]:
net/http.(*conn).serve.func1(0xc0000cc820)
	/goroot/src/net/http/server.go:1769 +0x139
panic(0x2c13560, 0x5b6b250)
	/goroot/src/runtime/panic.go:522 +0x1b5
github.com/hashicorp/vault/builtin/credential/radius.(*backend).pathLogin(0xc000aaa018, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc0001d5890, 0x10, 0xc0001d5890, 0xc0009d0b20)
	/gopath/src/github.com/hashicorp/vault/builtin/credential/radius/path_login.go:127 +0x74a
github.com/hashicorp/vault/helper/mfa.(*backend).wrapLoginHandler.func1(0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc0001d5890, 0xc0002450c8, 0x5b7b67, 0xc0009d0d10)
	/gopath/src/github.com/hashicorp/vault/helper/mfa/mfa.go:69 +0x61
github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/framework.(*Backend).HandleRequest(0xc0002455f0, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/framework/backend.go:253 +0x492
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).HandleRequest.func1(0x0, 0x28)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:198 +0x5a
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).lazyLoadBackend(0xc000b1b9a0, 0x37b8580, 0xc0008d9980, 0x37b9000, 0xc0008cce80, 0xc0009d0e20, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:160 +0x8c
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).HandleRequest(0xc000b1b9a0, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0xc0008baec0, 0xc)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:196 +0xbb
github.com/hashicorp/vault/vault.(*Router).routeCommon(0xc0003db040, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:676 +0x919
github.com/hashicorp/vault/vault.(*Router).Route(...)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:476
github.com/hashicorp/vault/vault.(*Core).doRouting(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc000a4a0f0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:558 +0x5a
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:977 +0xacc
github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0x5b70a40, 0xc00004e8c0, 0x5b70a40, 0x37b8580, 0xc0008d9980)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:448 +0x1ed
github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest(0xc00010bb80, 0x37b8580, 0xc0008d97a0, 0xc00004e8c0, 0x1, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:417 +0x288
github.com/hashicorp/vault/vault.(*Core).HandleRequest(...)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:382
github.com/hashicorp/vault/http.request(0xc00010bb80, 0x37992c0, 0xc00012c000, 0xc0001db600, 0xc00004e8c0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:620 +0x80
github.com/hashicorp/vault/http.handleLogicalInternal.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/logical.go:278 +0x32d
net/http.HandlerFunc.ServeHTTP(0xc000a71580, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.handleRequestForwarding.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:545 +0x2b7
net/http.HandlerFunc.ServeHTTP(0xc000a715a0, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
net/http.(*ServeMux).ServeHTTP(0xc0007375c0, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:2375 +0x1d6
github.com/hashicorp/vault/http.wrapHelpHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/help.go:24 +0x156
net/http.HandlerFunc.ServeHTTP(0xc000a71640, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.wrapCORSHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/cors.go:29 +0x9e1
net/http.HandlerFunc.ServeHTTP(0xc000a71660, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.wrapGenericHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db400)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:204 +0x339
net/http.HandlerFunc.ServeHTTP(0xc000a74b10, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db400)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp/handlers.go:42 +0xbb
net/http.HandlerFunc.ServeHTTP(0xc000a71680, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:1995 +0x44
net/http.serverHandler.ServeHTTP(0xc000b14dd0, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc0000cc820, 0x37b84c0, 0xc000216b80)
	/goroot/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
	/goroot/src/net/http/server.go:2884  #+0x2f4

The text was updated successfully, but these errors were encountered:

ncabatoff · 2019-08-09T14:15:39Z

Hi @2easy,

Thanks for the detailed bug report. We'll include a fix in 1.2.2.

ncabatoff self-assigned this Aug 9, 2019

ncabatoff mentioned this issue Aug 9, 2019

Fix regression that causes panic when logging in via Radius. #7290

Merged

chrishoffman added the bug Used to indicate a potential bug label Aug 9, 2019

briankassouf closed this as completed in #7290 Aug 14, 2019

ncabatoff mentioned this issue Aug 14, 2019

Backport 1.2: Fix regression that causes panic when logging in via Radius. #7311

Merged

jefferai added this to the 1.2.2 milestone Aug 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

2easy commented Aug 9, 2019

ncabatoff commented Aug 9, 2019

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

Comments

2easy commented Aug 9, 2019

ncabatoff commented Aug 9, 2019