Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix nil pointer deref in cli/upload.BlobCmd #563

Merged
merged 1 commit into from
Aug 24, 2021
Merged

fix nil pointer deref in cli/upload.BlobCmd #563

merged 1 commit into from
Aug 24, 2021

Conversation

ansemjo
Copy link
Contributor

@ansemjo ansemjo commented Aug 24, 2021

I was playing around with the cosign cli and found that calling cosign upload blob ... with an image address but without any -f arguments leads to a nil pointer dereference. This patch adds a check that at least one file was provided.

The underlying cause is that calling cremote.UploadFiles with an empty files list never sets the var img v1.Image within and thus the returned dgstr is nil, I believe?

@dlorenc
Copy link
Member

dlorenc commented Aug 24, 2021

Thanks for the fix!

calling 'cosign upload blob ...' with an image address but without any -f arguments lead to a nil pointer dereference; check that at least one file was provided

Signed-off-by: Anton Semjonov <anton@semjonov.de>
@ansemjo
Copy link
Contributor Author

ansemjo commented Aug 24, 2021

Sure! I wasn't sure if it was the right place to raise an error in BlobCmd or if dgster.Digest was more appropriate .. I force-pushed another edit using errors.New per your suggestion.

@dlorenc
Copy link
Member

dlorenc commented Aug 24, 2021

Thanks!

@dlorenc dlorenc merged commit 8ce7d29 into sigstore:main Aug 24, 2021
@cpanato cpanato added this to the v1.1.0 milestone Aug 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants