bug: strange ini parse key causes segfault, at U2F

[mckaygerhard]

• Gitea version (or commit ref): 1.5.3 and 1.6.0
• Git version: not relevant
• Operating system: Linux, Mac, not relevant
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant

Description

I try to understand why the gitea crash when a no valid U2F are set or not set, by example if i do not set the email, gitea property crash with indicated error:

2018/12/11 16:24:04 [...s/setting/setting.go:1504 newMailService()] [E] Invalid mailer.FROM (): mail: no address

but that its not the case for the U2F, instead gitea crash abrupted and does not specify why and when.. and user must debug to make this issue, log error of crash debug are at end of the issue.. i tested by removing the part "bad configured" and gitea does not crash! (also the crash are not very helpfull!)

also documentation are very very ambigous! documentations says at gitea docs:

U2F (U2F)
    APP_ID: ROOT_URL: Declares the facet of the application. Requires HTTPS.
    TRUSTED_FACETS: List of additional facets which are trusted. This is not support by all browsers.

The config example file said something not very similar:

[U2F]
; Two Factor authentication with security keys
; https://developers.yubico.com/U2F/App_ID.html
APP_ID         = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
; Comma seperated list of truisted facets
TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/

...

log

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7f200c6a22ae]

goroutine 1 [running]:
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).transformValue(0xc4201bd7a0, 0xc4201ed801, 0x28, 0xc4204c4d10, 0x7f200c3717d7)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:123 +0x1de
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).String(0xc4201bd7a0, 0xc420206380, 0x18)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:130 +0x3f
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).MustString(0xc4201bd7a0, 0xc420206380, 0x18, 0x1, 0xc420206380)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:202 +0x31
code.gitea.io/gitea/modules/setting.NewContext()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/modules/setting/setting.go:1151 +0x3b7c
code.gitea.io/gitea/routers.GlobalInit()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/routers/init.go:47 +0x4c
code.gitea.io/gitea/cmd.runWeb(0xc4200bb2c0, 0x0, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/cmd/web.go:83 +0xb7
code.gitea.io/gitea/vendor/github.com/urfave/cli.HandleAction(0x7f200d596e20, 0x7f200d7203e0, 0xc4200bb2c0, 0xc420052200, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:471 +0xbb
code.gitea.io/gitea/vendor/github.com/urfave/cli.Command.Run(0x7f200cf6f568, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f200cf90870, 0x16, 0x0, ...)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/command.go:191 +0xb4d
code.gitea.io/gitea/vendor/github.com/urfave/cli.(*App).Run(0xc420465040, 0xc42000c200, 0x2, 0x2, 0x0, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:241 +0x661
main.main()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/main.go:52 +0x469

[lafriks]

There is already issue for this

[mckaygerhard]

i'll close please tell me what its the issue number, i search previously and i not found easyle! and then i'll close

[mckaygerhard]

seems for you duplicate of #4692 but i think its not! due i report agains stable version.. as i put in the blog! more releases and more releases and open new bugs, i have a gitea open issue about the documentation with some questions not yet answered, that will help in each release to parse some "exceptions" and then users and administrators can deploy witout "surprises"

also u ask in the debian-package repository some others questions to send pull's to that.. but that repository will still active ?

[techknowlogick]

Closing as same issue as #4692. Even though the original poster of that ticket is using a different version than you, it is the same bug that is present.

Please remember that maintainers of Gitea are all volunteer, and give as much time as they can to this project, however we aren't able to respond to everything right away. Gitea is focused on adding new features AND fixing bugs. Just today 6 PRs were merged for bug fixes, as well as we soon will merge support for automated testing of MSSQL so we can have better testing coverage to catch even more bugs. As mentioned before if you need support or features right away, you are free to pay someone.

[mckaygerhard]

my questions are for contribute too! i cannot help if i dont know how and what i help! right? please some one to help with #5466