Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtime error: invalid memory address or nil pointer dereference #704

Closed
AKTheKnight opened this issue May 14, 2020 · 3 comments
Closed

runtime error: invalid memory address or nil pointer dereference #704

AKTheKnight opened this issue May 14, 2020 · 3 comments
Assignees
@desimone
Labels
bug Something isn't working
Milestone
0.8.0

Comments

@AKTheKnight
Copy link

What happened?

Running Pomerium v0.8.0 through Docker authenticating against Azure AD. I seem to hit this runtime error if refreshing too quickly within Grafana that is behind Pomerium.

What did you expect to happen?

It to not crash

How'd it happen?

  1. Authenticated and got through to Grafana
  2. Hit refresh, get a tonne of errors within grafana.
  3. Docker logs pomerium shows errors

What's your environment like?

  • Pomerium v0.8.0 from Docker

What's your config.yaml?

authenticate_service_url: https://sso-auth.aktheknight.co.uk

insecure_server: TRUE

# Azure
IDP_PROVIDER: "azure"
IDP_PROVIDER_URL: "https://login.microsoftonline.com/f0ac156c-04d2-4e80-a9fb-628a60467e33/v2.0"
IDP_CLIENT_ID: *SCRUBBED*
IDP_CLIENT_SECRET: *SCRUBBED*

# Generate 256 bit random keys  e.g. `head -c32 /dev/urandom | base64`
cookie_secret: *SCRUBBED*

# https://www.pomerium.io/configuration/#policy
policy:
  - from: http://external.aktheknight.co.uk
    to: http://external
    allowed_users:
      - alex@aktheknight.co.uk
  - from: http://monitoring-docker.aktheknight.co.uk
    to: http://portainer:9000
    allowed_users:
      - alex@aktheknight.co.uk
  - from: http://monitoring.aktheknight.co.uk
    to: http://seq:80
    allowed_users:
      - alex@aktheknight.co.uk

  - from: http://prometheus.docker.aktheknight.co.uk
    to: http://prometheus:9090
    allowed_users:
      - alex@aktheknight.co.uk
  - from: http://alertmanager.docker.aktheknight.co.uk
    to: http://alertmanager:9093
    allowed_users:
      - alex@aktheknight.co.uk
  - from: http://grafana.docker.aktheknight.co.uk
    to: http://grafana:3000
    allowed_users:
      - alex@aktheknight.co.uk

What did you see in the logs?

{"level":"debug","X-Forwarded-For":["86.134.31.66"],"X-Forwarded-Proto":["https"],"X-Real-Ip":["86.134.31.66"],"ip":"192.168.16.2","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4137.0 Safari/537.36 Edg/84.0.513.0","referer":"https://grafana.docker.aktheknight.co.uk/d/NQ4dj5gGk/docker-containers?orgId=1&refresh=10s","req_id":"e769c416-be92-00d7-f732-5a1df01ad930","duration":10.88241,"size":29,"status":503,"method":"GET","service":"all","host":"grafana.docker.aktheknight.co.uk","path":"/api/datasources/proxy/1/api/v1/query_range?query=node_load1&start=1589482860&end=1589483760&step=30","time":"2020-05-14T19:16:29Z","message":"http-request"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xee8339]

goroutine 563 [running]:
github.com/pomerium/pomerium/authorize.(*Authorize).IsAuthorized(0xc0002f9de0, 0x13fa740, 0xc0007741b0, 0xc00078c090, 0x0, 0x0, 0x0)
        /home/runner/work/pomerium/pomerium/authorize/grpc.go:35 +0x3e9
github.com/pomerium/pomerium/internal/grpc/authorize._Authorizer_IsAuthorized_Handler(0x10a5400, 0xc0002f9de0, 0x13fa740, 0xc0007741b0, 0xc000a282a0, 0x0, 0x13fa740, 0xc0007741b0, 0xc0008c4800, 0xb12)
        /home/runner/work/pomerium/pomerium/internal/grpc/authorize/authorize.pb.go:349 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000a41a0, 0x140ab80, 0xc0005d2000, 0xc0008b3800, 0xc000775b90, 0x1c72bb0, 0x0, 0x0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1082 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0000a41a0, 0x140ab80, 0xc0005d2000, 0xc0008b3800, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1405 +0xcc9
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00028c020, 0xc0000a41a0, 0x140ab80, 0xc0005d2000, 0xc0008b3800)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:746 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:744 +0xa1
@travisgroth travisgroth added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 14, 2020
@AKTheKnight
Copy link
Author

Well I now appear to have managed to get it to break twice at once.

If it would help, I can provide access to an AzureAD account along with app credentials for testing :)

{"level":"debug","X-Forwarded-For":["86.134.31.66"],"X-Forwarded-Proto":["https"],"X-Real-Ip":["86.134.31.66"],"ip":"192.168.16.2","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4137.0 Safari/537.36 Edg/84.0.513.0","referer":"https://grafana.docker.aktheknight.co.uk/d/NQ4dj5gGk/docker-containers?orgId=1&refresh=10s","req_id":"ce0e4854-7a64-cb12-5740-3f870553d62f","duration":32.972642,"size":1459,"status":500,"method":"GET","service":"all","host":"grafana.docker.aktheknight.co.uk","path":"/api/datasources/proxy/1/api/v1/query_range?query=sum(irate(node_disk_read_bytes_total%5B5m%5D))&start=1589493420&end=1589494320&step=60","time":"2020-05-14T22:12:25Z","message":"http-request"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xee8339]

goroutine 28988 [running]:
github.com/pomerium/pomerium/authorize.(*Authorize).IsAuthorized(0xc000406ee0, 0x13fa740, 0xc000c674a0, 0xc0008b2fc0, 0x0, 0x0, 0x0)
        /home/runner/work/pomerium/pomerium/authorize/grpc.go:35 +0x3e9
github.com/pomerium/pomerium/internal/grpc/authorize._Authorizer_IsAuthorized_Handler(0x10a5400, 0xc000406ee0, 0x13fa740, 0xc000c674a0, 0xc000e22660, 0x0, 0x13fa740, 0xc000c674a0, 0xc000900000, 0xb12)
        /home/runner/work/pomerium/pomerium/internal/grpc/authorize/authorize.pb.go:349 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000405f00, 0xc000678090, 0x1c72bb0, 0x0, 0x0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1082 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000405f00, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1405 +0xcc9
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0001f4000, 0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000405f00)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:746 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:744 +0xa1
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xee8339]

goroutine 29011 [running]:
github.com/pomerium/pomerium/authorize.(*Authorize).IsAuthorized(0xc000406ee0, 0x13fa740, 0xc000bd6090, 0xc000628090, 0x0, 0x0, 0x0)
        /home/runner/work/pomerium/pomerium/authorize/grpc.go:35 +0x3e9
github.com/pomerium/pomerium/internal/grpc/authorize._Authorizer_IsAuthorized_Handler(0x10a5400, 0xc000406ee0, 0x13fa740, 0xc000bd6090, 0xc000793380, 0x0, 0x13fa740, 0xc000bd6090, 0xc000b1c580, 0xc6d)
        /home/runner/work/pomerium/pomerium/internal/grpc/authorize/authorize.pb.go:349 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000376b00, 0xc000678090, 0x1c72bb0, 0x0, 0x0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1082 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000376b00, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1405 +0xcc9
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0001f4000, 0xc0000fe680, 0x140ab80, 0xc000650600, 0xc000376b00)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:746 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:744 +0xa1

@psychomelet
Copy link

psychomelet commented May 18, 2020
edited

+1, version Pomerium v0.8.0 docker

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xee8339]

goroutine 236 [running]:
github.com/pomerium/pomerium/authorize.(*Authorize).IsAuthorized(0xc000427690, 0x13fa740, 0xc000332060, 0xc000540000, 0x0, 0x0, 0x0)
	/home/runner/work/pomerium/pomerium/authorize/grpc.go:35 +0x3e9
github.com/pomerium/pomerium/internal/grpc/authorize._Authorizer_IsAuthorized_Handler(0x10a5400, 0xc000427690, 0x13fa740, 0xc000332060, 0xc0007a0120, 0x0, 0x13fa740, 0xc000332060, 0xc000136000, 0x664)
	/home/runner/work/pomerium/pomerium/internal/grpc/authorize/authorize.pb.go:349 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000b4d00, 0x140ab80, 0xc00054e600, 0xc0007e4000, 0xc000233590, 0x1c72bb0, 0x0, 0x0, 0x0)
	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1082 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0000b4d00, 0x140ab80, 0xc00054e600, 0xc0007e4000, 0x0)
	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1405 +0xcc9
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0004165d4, 0xc0000b4d00, 0x140ab80, 0xc00054e600, 0xc0007e4000)
	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:746 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:744 +0xa1

@desimone desimone self-assigned this May 20, 2020
@desimone desimone added bug Something isn't working and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels May 20, 2020
desimone added a commit to desimone/pomerium that referenced this issue May 20, 2020
@desimone
authorize: fix nil reference pomerium#704
5a23e36 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
desimone added a commit to desimone/pomerium that referenced this issue May 20, 2020
@desimone
authorize: fix nil reference bug (pomerium#704)
a081f4c 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This was referenced May 20, 2020
Closed
Merged
desimone added a commit that referenced this issue May 20, 2020
@desimone
authorize: fix nil reference (#704) (#741)
d31245f 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
@desimone
Copy link
Contributor

Hey @AKTheKnight @psychomelet ,

Thanks for reporting the issue. This should be fixed in the latest build v0.8.1.

@desimone desimone added this to the 0.8.0 milestone May 20, 2020
@cuonglm cuonglm mentioned this issue Jun 18, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@desimone desimone

Labels
bug Something isn't working
Projects
None yet
Milestone
0.8.0
Development

Successfully merging a pull request may close this issue.

authorize: fix nil referene bug in logging (#704) desimone/pomerium
4 participants
@desimone @travisgroth @AKTheKnight @psychomelet