Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Add input validation to getRuleInfo to prevent panic into release/1.9.x #14734

Merged
merged 2 commits into from Mar 28, 2022
Merged

Backport of Add input validation to getRuleInfo to prevent panic into release/1.9.x #14734

merged 2 commits into from Mar 28, 2022

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #14501 to be assessed for backporting due to the inclusion of the label backport/1.9.x.

The below text is copied from the body of the original PR.

A panic can be caused if input to the ParsePolicy function contains a field whose value is an empty slice. This is due to a lack of length check in the underlying getRuleInfo function which assumes the parsed slice to contain at least one value. The panic can be prevented by returning an error from getRuleInfo if an empty slice is encountered.

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-4014/naturally-living-flamingo branch 4 times, most recently from 6012ab6 to 0ef88ad Compare March 28, 2022 15:06
@ccapurso ccapurso merged commit 80ce30a into release/1.9.x Mar 28, 2022
@ccapurso ccapurso deleted the backport/vault-4014/naturally-living-flamingo branch March 28, 2022 15:51
akshya96 pushed a commit that referenced this pull request Mar 29, 2022
@hc-github-team-secure-vault-core @ccapurso @akshya96
Backport of Add input validation to getRuleInfo to prevent panic into…
ad04205 
… release/1.9.x (#14734)

* backport of commit 156bfc1

* backport of commit 38f51cc

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HridoyRoy HridoyRoy HridoyRoy approved these changes

@ccapurso ccapurso Awaiting requested review from ccapurso

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hc-github-team-secure-vault-core @HridoyRoy @ccapurso