Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix panic in app dialing #42719

Merged
merged 2 commits into from
Jun 11, 2024
Merged

Fix panic in app dialing #42719

merged 2 commits into from
Jun 11, 2024

Conversation

rosstimothy
Copy link
Contributor

@rosstimothy rosstimothy commented Jun 10, 2024
edited
Loading

#35501 incorrectly checked the length on the local servers variable instead of t.c.servers which could lead to panics like the one below.

panic: runtime error: slice bounds out of range [1:0]
goroutine 6558252 [running]:
github.com/gravitational/teleport/lib/web/app.(*transport).DialContext(0xc00296d5f0, {0xae8bbd8, 0xc002596a20}, {0x42c525?, 0xc001dc4d80?}, {0x120?, 0x118?})
    github.com/gravitational/teleport/lib/web/app/transport.go:264 +0x5dc
net/http.(*Transport).dial(0xc002596a20?, {0xae8bbd8?, 0xc002596a20?}, {0x92ff0a2?, 0x4e4fc13?}, {0xc000b8dfc0?, 0xc00226f000?})
    net/http/transport.go:1183 +0xd2
net/http.(*Transport).dialConn(0xc002f9cb40, {0xae8bbd8, 0xc002596a20}, {{}, 0x0, {0x9301a85, 0x5}, {0xc000b8dfc0, 0x1a}, 0x0})
    net/http/transport.go:1625 +0x7e8
net/http.(*Transport).dialConnFor(0xae8bc10?, 0xc003340370)
    net/http/transport.go:1467 +0x9f
created by net/http.(*Transport).queueForDial in goroutine 6562349
    net/http/transport.go:1436 +0x3cb

changelog: Prevent a panic in the Proxy when accessing an offline application

@rosstimothy
Fix panic in app dialing
958d824 
#35501 incorrectly
checked the length on the local servers variable instead of
`t.c.servers` which could lead to panics like the one below.

```bash

panic: runtime error: slice bounds out of range [1:0]
goroutine 6558252 [running]:
github.com/gravitational/teleport/lib/web/app.(*transport).DialContext(0xc00296d5f0, {0xae8bbd8, 0xc002596a20}, {0x42c525?, 0xc001dc4d80?}, {0x120?, 0x118?})
    github.com/gravitational/teleport/lib/web/app/transport.go:264 +0x5dc
net/http.(*Transport).dial(0xc002596a20?, {0xae8bbd8?, 0xc002596a20?}, {0x92ff0a2?, 0x4e4fc13?}, {0xc000b8dfc0?, 0xc00226f000?})
    net/http/transport.go:1183 +0xd2
net/http.(*Transport).dialConn(0xc002f9cb40, {0xae8bbd8, 0xc002596a20}, {{}, 0x0, {0x9301a85, 0x5}, {0xc000b8dfc0, 0x1a}, 0x0})
    net/http/transport.go:1625 +0x7e8
net/http.(*Transport).dialConnFor(0xae8bc10?, 0xc003340370)
    net/http/transport.go:1467 +0x9f
created by net/http.(*Transport).queueForDial in goroutine 6562349
    net/http/transport.go:1436 +0x3cb

```
@rosstimothy rosstimothy marked this pull request as ready for review June 10, 2024 20:35
@github-actions github-actions bot requested review from lxea and ravicious June 10, 2024 20:36
espadolini
espadolini reviewed Jun 10, 2024
View reviewed changes
lib/web/app/transport.go Outdated
Comment on lines 389 to 390
// eliminate any servers from the head of the list that were unreachable
t.mu.Lock()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if some other concurrent call to DialContext already eliminated some servers from the head of t.c.servers? Is there some external synchronization to prevent that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's likely a problem this code would run into with or without this change though. I could add some check that if the length of the two servers slices didn't match to just abort modifying things this time around.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't tell if t.c.servers is ever externally modified; if not, I guess that a length check would work?

Is t.c.servers ordered in some way? Does it have some uniqueness guarantee?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Each session populates t.c.servers a single time via https://github.com/gravitational/teleport/blob/master/lib/web/app/match.go#L47-L65. Any matching servers for the session are randomly shuffled. The only place t.c.servers should be modified after the session has been created is when removing them here.

@gravitational gravitational deleted a comment from github-actions bot Jun 11, 2024
@gravitational gravitational deleted a comment from github-actions bot Jun 11, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from lxea June 11, 2024 16:41
@rosstimothy rosstimothy added this pull request to the merge queue Jun 11, 2024
Merged via the queue into master with commit 09f2310 Jun 11, 2024
37 of 38 checks passed
@rosstimothy rosstimothy deleted the tross/app_panic branch June 11, 2024 17:38
@public-teleport-github-review-bot
Copy link

@rosstimothy See the table below for backport results.

Branch Result
branch/v14 Create PR
branch/v15 Create PR
branch/v16 Create PR

This was referenced Jun 11, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ravicious ravicious ravicious approved these changes

@espadolini espadolini espadolini approved these changes

Assignees
No one assigned
Labels
backport/branch/v14 backport/branch/v15 backport/branch/v16 size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rosstimothy @ravicious @espadolini