Skip CRL file when parsing fails to avoid nil dereference#288
Open
LeSingh1 wants to merge 1 commit into
Open
Conversation
If x509.ParseCRL returns an error, certList is nil and the subsequent access to certList.TBSCertList.Extensions panics. The error was logged but the loop continued processing the failed CRL. Skip to the next file after logging instead.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In SetupCrls, when x509.ParseCRL returns an error the error is logged but the loop continues. The very next statement accesses certList.TBSCertList.Extensions, which panics with a nil pointer dereference because certList is nil whenever ParseCRL returns an error.
The fix adds a continue so an unparseable CRL is logged and skipped, matching the pattern used elsewhere in the same loop for other recoverable per-file errors (missing Authority Key Identifier, signature mismatch, unknown issuer).
This affects any deployment that loads CRLs and ever points at a malformed or truncated CRL file. Today that crashes the process at config time instead of failing gracefully.