Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"tailscale debug capture" panics on access denied error #7572

Closed
darkrain42 opened this issue Mar 15, 2023 · 0 comments · Fixed by #7773
Closed

"tailscale debug capture" panics on access denied error #7572

darkrain42 opened this issue Mar 15, 2023 · 0 comments · Fixed by #7773
Assignees
@twitchyliquid64
Labels
bug Bug L1 Very few Likelihood P1 Nuisance Priority level T8 Crash Issue type

Comments

@darkrain42
Copy link

What is the issue?

Running "tailscale debug capture" as an unprivileged user in tailscale 1.38.1 immediately crashes ("panic: runtime error: invalid memory address or nil pointer dereference").

Works fine run as root (sudo !!)

tailscale 1.38.1 on Ubuntu 22.10

% tailscale debug capture
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x7c352b]

goroutine 1 [running]:
tailscale.com/client/tailscale.(*LocalClient).StreamDebugCapture(0x968b60?, {0xb1f6e8?, 0xc0000b6000?})
        tailscale.com@v1.38.1/client/tailscale/localclient.go:1104 +0x12b
tailscale.com/cmd/tailscale/cli.runCapture({0xb1f6e8, 0xc0000b6000}, {0xa8d208?, 0x7fe5dcfe25b8?, 0x18?})
        tailscale.com@v1.38.1/cmd/tailscale/cli/debug.go:771 +0x54
github.com/peterbourgon/ff/v3/ffcli.(*Command).Run(0x968b60?, {0xb1f6e8?, 0xc0000b6000?})
        github.com/peterbourgon/ff/v3@v3.1.2/ffcli/command.go:153 +0x16c
github.com/peterbourgon/ff/v3/ffcli.(*Command).Run(0x0?, {0xb1f6e8?, 0xc0000b6000?})
        github.com/peterbourgon/ff/v3@v3.1.2/ffcli/command.go:157 +0x113
github.com/peterbourgon/ff/v3/ffcli.(*Command).Run(0xc0000da630?, {0xb1f6e8?, 0xc0000b6000?})
        github.com/peterbourgon/ff/v3@v3.1.2/ffcli/command.go:157 +0x113
tailscale.com/cmd/tailscale/cli.Run({0xc0000a0160?, 0xc000094000?, 0x0?})
        tailscale.com@v1.38.1/cmd/tailscale/cli/cli.go:175 +0x9ab
main.main()
        tailscale.com@v1.38.1/cmd/tailscale/tailscale.go:22 +0xfb

% gdb --args tailscale debug capture
...
(gdb) run
...
Thread 1 "tailscale" received signal SIGSEGV, Segmentation fault.
tailscale.com/client/tailscale.(*LocalClient).StreamDebugCapture (lc=0xea2e00 <tailscale.com/cmd/tailscale/cli[localClient]>, ctx=..., ~r0=..., ~r1=...) at tailscale.com@v1.38.1/client/tailscale/localclient.go:1104
1104    tailscale.com@v1.38.1/client/tailscale/localclient.go: No such file or directory.
(gdb) p res
$1 = <optimized out>
(gdb) p err
$2 = {
  tab = 0xb1ba60 <go:itab.*tailscale.com/client/tailscale.AccessDeniedError,error>,
  data = 0xc000068ca0
}
(gdb)

Trivial patch (untested)

diff --git a/client/tailscale/localclient.go b/client/tailscale/localclient.go
index e35846e6..9224f084 100644
--- a/client/tailscale/localclient.go
+++ b/client/tailscale/localclient.go
@@ -1099,11 +1099,10 @@ func (lc *LocalClient) StreamDebugCapture(ctx context.Context) (io.ReadCloser, e
    if err != nil {
        return nil, err
    }
    res, err := lc.doLocalRequestNiceError(req)
    if err != nil {
-       res.Body.Close()
        return nil, err
    }
    if res.StatusCode != 200 {
        res.Body.Close()
        return nil, errors.New(res.Status)

I don't see a path through doLocalRequestNiceError where res is ever non-nil when err is non-nil.

Steps to reproduce

As a non-privileged user (i.e. not root, and have not run "tailscale up --operator $USER"), run "tailscale debug capture".

Are there any recent changes that introduced the issue?

No response

OS

Linux

OS version

Ubuntu 22.10, Debian 11,

Tailscale version

1.38.1

Other software

No response

Bug report

No response
@DentonGentry DentonGentry added L1 Very few Likelihood P1 Nuisance Priority level T8 Crash Issue type and removed needs-triage labels Mar 15, 2023
twitchyliquid64 added a commit that referenced this issue Apr 3, 2023
@twitchyliquid64
client/tailscale: Fix NPE caused by erroneous close in error case
1ffcb6e 
Fixes #7572

When handling an error during `StreamDebugCapture`, the response body
is closed, even though the response struct is always nil. Thanks
to https://github.com/darkrain42 for debugging this!!

Signed-off-by: Tom DNetto <tom@tailscale.com>
@twitchyliquid64 twitchyliquid64 mentioned this issue Apr 3, 2023
Merged
twitchyliquid64 added a commit that referenced this issue Apr 3, 2023
@twitchyliquid64
client/tailscale: Fix NPE caused by erroneous close in error case
483109b 
Fixes #7572

When handling an error during `StreamDebugCapture`, the response body
is closed, even though the response struct is always nil. Thanks
to https://github.com/darkrain42 for debugging this!!

Signed-off-by: Tom DNetto <tom@tailscale.com>
darksip pushed a commit to darksip/tailscale that referenced this issue Apr 4, 2023
@twitchyliquid64 @darksip
client/tailscale: Fix NPE caused by erroneous close in error case
447f321 
Fixes tailscale#7572

When handling an error during `StreamDebugCapture`, the response body
is closed, even though the response struct is always nil. Thanks
to https://github.com/darkrain42 for debugging this!!

Signed-off-by: Tom DNetto <tom@tailscale.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@twitchyliquid64 twitchyliquid64

Labels
bug Bug L1 Very few Likelihood P1 Nuisance Priority level T8 Crash Issue type
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

client/tailscale: Fix NPE caused by erroneous close in error case tailscale/tailscale
3 participants
@darkrain42 @DentonGentry @twitchyliquid64