Closed matusf closed 2 years ago
Here is a minimal example:
curl -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $token" -d '{"increment": -1, "token": "x"}' http://localhost:8200/v1/auth/token/renew-self
Closing as the issue has been resolved since it was reported at the time of the referenced RC version. Retested in 1.10.5 without any issues:
curl -v -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $VAULT_TOKEN" -d '{"increment": -1, "token": "x"}' ${VAULT_ADDR}/v1/auth/token/renew-self
# < HTTP/2 400
# ...
# {"errors":["Field validation failed: error converting input -1 for field \"increment\": cannot provide negative value '-1'"]}
Great work @matusf ⭐
Describe the bug
Making a POST request on /auth/token/renew/self with a specific payload causes an internal server error.
To Reproduce
Hi, I was fuzzing vault and found this bug. To reproduce it, just run
vault server -dev
and make a request. The request is described in the enclosed zip (single JSON file inside). The JSON also has the curl format of the request; however, the request contains some wild unicode characters that your terminal may not like (at least mine does not :smile:). Therefore it is better to use the resender utility that I made (along with the fuzzer). You may find it in my repo (github.com/matusf/openapi-fuzzer), with all installation instructions. This time I fuzzed vault with a supplied X-Vault-Token header, so to reproduce the crash you will need to add the root token to openapi-fuzzer-resender as well. There is a flag for that. Run it as follows:
auth-token-renew-self.zip
This crash seems to be similar to https://github.com/hashicorp/vault/issues/11310. They both seem to crash because of the increment field value.
See error from request:
In logs: nothing
Expected behavior
Response with a non-500 status code.
Environment:
Vault server version (vault status):
Vault CLI version (vault version): Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)
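The report above and the 1.10.5 retest together show the shape of the fix: a negative `increment` must be rejected at field-validation time with a 400 and Vault's `{"errors":[...]}` envelope, rather than reaching the token store and surfacing as a 500. The following Go program is an added example written for this page, not Vault's own code: `parseIncrement`, `renewSelfHandler`, `writeErrors` and `post` are hypothetical names, and the handler only validates and echoes the parsed duration instead of renewing anything. It accepts the two encodings Vault documents for `increment` (integer seconds or a duration string such as `"1h"`) and rejects both `-1` and `"-1h"` with the same message the fixed server returns.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"time"
)

// renewRequest mirrors the body from the issue: {"increment": -1, "token": "x"}.
// Increment stays raw because it may arrive as a JSON number (seconds) or as a
// duration string; parseIncrement validates it either way.
type renewRequest struct {
	Increment json.RawMessage `json:"increment"`
	Token     string          `json:"token"`
}

// parseIncrement converts the raw JSON value into a non-negative duration.
// A negative value is a client error and is reported as such; it must never
// be handed to lease bookkeeping, which is where the original 500 came from.
func parseIncrement(raw json.RawMessage) (time.Duration, error) {
	if len(raw) == 0 || string(raw) == "null" {
		return 0, nil // field omitted: caller wants the default TTL
	}
	var secs int64
	if err := json.Unmarshal(raw, &secs); err == nil {
		if secs < 0 {
			return 0, fmt.Errorf("error converting input %d for field \"increment\": cannot provide negative value '%d'", secs, secs)
		}
		return time.Duration(secs) * time.Second, nil
	}
	var s string
	if err := json.Unmarshal(raw, &s); err != nil {
		return 0, fmt.Errorf("error converting input %s for field \"increment\": expected integer seconds or duration string", string(raw))
	}
	d, err := time.ParseDuration(s)
	if err != nil {
		// bare numeric strings such as "90" are treated as seconds
		n, perr := strconv.ParseInt(s, 10, 64)
		if perr != nil {
			return 0, fmt.Errorf("error converting input %q for field \"increment\": %v", s, err)
		}
		d = time.Duration(n) * time.Second
	}
	if d < 0 {
		return 0, fmt.Errorf("error converting input %q for field \"increment\": cannot provide negative value '%s'", s, s)
	}
	return d, nil
}

// writeErrors emits Vault's error envelope with the given status code.
func writeErrors(w http.ResponseWriter, status int, msgs ...string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	json.NewEncoder(w).Encode(map[string][]string{"errors": msgs})
}

// renewSelfHandler validates the request body before any token work happens,
// so malformed or negative input yields 400, never an internal error.
func renewSelfHandler(w http.ResponseWriter, r *http.Request) {
	var req renewRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		writeErrors(w, http.StatusBadRequest, "failed to parse JSON input: "+err.Error())
		return
	}
	inc, err := parseIncrement(req.Increment)
	if err != nil {
		writeErrors(w, http.StatusBadRequest, "Field validation failed: "+err.Error())
		return
	}
	// Validation passed; a real server would renew the token here.
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprintf(w, `{"auth":{"lease_duration":%d}}`, int64(inc.Seconds()))
}

// post drives the handler in-process (no network) and returns status and body.
func post(body string) (int, string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/v1/auth/token/renew-self", strings.NewReader(body))
	renewSelfHandler(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	// constructed sample payloads, including the one from the issue
	for _, body := range []string{`{"increment": -1, "token": "x"}`, `{"increment": "-1h"}`, `{"increment": "1h"}`, `{"increment": 60}`} {
		code, resp := post(body)
		fmt.Printf("%-34s -> %d %s\n", body, code, resp)
	}
}
```

The point of keeping `increment` as `json.RawMessage` is that a typed `int` field would have silently accepted `-1` and pushed the sign check further down; validating before any state is touched is what turns the fuzzer's 500 into the 400 seen in the 1.10.5 retest.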