Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POST on /auth/token/revoke endpoint with specific payload causes internal server error #11313

Closed
matusf opened this issue Apr 8, 2021 · 2 comments
Closed

POST on /auth/token/revoke endpoint with specific payload causes internal server error #11313

matusf opened this issue Apr 8, 2021 · 2 comments
Assignees
@hsimon-hashicorp
Labels
core Issues and Pull-Requests specific to Vault Core

Comments

@matusf
Copy link

matusf commented Apr 8, 2021

Describe the bug
Making a POST request on /auth/token/revoke with specific payload causes internal server error

To Reproduce
Hi, I was fuzzing vault and found this bug. To reproduce it, just run vault server -dev and make a request. The request is described in enclosed zip (single JSON file inside). The JSON has also the curl formated of the request, however, the request contains some wild unicode characters that your terminal may not like (at least mine does not 😄). Therefore is better to use the resender utility that I made (along with the fuzzer). You may find it in my repo (github.com/matusf/openapi-fuzzer), with all installation instructions. Basically just run openapi-fuzzer-resender file.json to make the request.

auth-token-revoke.zip
In the request is vault token supplied in the headers, however, it's not needed to reproduce this crash.

See error from request: {"errors":["no namespace"]}
In logs:

[WARN]  core: error looking up namespace from the token's namespace ID: error="no namespace"

This issue might be related to #11306 and #11308 as there is the same response & log message.

Expected behavior
Response with non 500 status code.

Environment:

  • Vault Server Version (retrieve with vault status):
{
    "cluster_id": "ff96e72d-8a50-1574-3044-567db781e3c3",
    "cluster_name": "vault-cluster-f4d3b0c5",
    "initialized": true,
    "migration": false,
    "n": 1,
    "nonce": "",
    "progress": 0,
    "recovery_seal": false,
    "sealed": false,
    "storage_type": "inmem",
    "t": 1,
    "type": "shamir",
    "version": "1.7.0-rc1"
}
  • Vault CLI Version (retrieve with vault version): Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)
  • Server Operating System/Architecture: Ubuntu 18.04/x86_64
This was referenced Apr 8, 2021
Closed
Closed
@matusf
Copy link
Author

matusf commented Apr 23, 2021

Here is minimal example:

curl -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $token" -d '{"token": "x.x"}' http://localhost:8200/v1/auth/token/revoke

@sgmiller sgmiller added the core Issues and Pull-Requests specific to Vault Core label Apr 27, 2021
@aphorise
Copy link
Contributor

aphorise commented Sep 4, 2022

Closing as tests in 1.10.5 show all is okay. This issue was likely applicable to the RC version at the time of reporting.

curl -v -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $VAULT_TOKEN" -d '{"token": "x.x"}' ${VAULT_ADDR}/v1/auth/token/revoke
  # < HTTP/2 204
  # # // ...

Thank you once more @matusf

@aphorise aphorise closed this as completed Sep 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsimon-hashicorp hsimon-hashicorp

Labels
core Issues and Pull-Requests specific to Vault Core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aphorise @sgmiller @matusf @hsimon-hashicorp