matusf
commented
3 years ago Here is minimal example:
curl -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $token" -d '{"token": "x.x"}' http://localhost:8200/v1/auth/token/revokeClosed matusf closed 2 years ago
matusf
commented
3 years ago Here is minimal example:
curl -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $token" -d '{"token": "x.x"}' http://localhost:8200/v1/auth/token/revoke
aphorise
commented
2 years ago Closing as tests in 1.10.5 show all is okay. This issue was likely applicable to the RC version at the time of reporting.
curl -v -X POST -H 'Content-Type: application/json' -H "X-Vault-Token: $VAULT_TOKEN" -d '{"token": "x.x"}' ${VAULT_ADDR}/v1/auth/token/revoke
# < HTTP/2 204
# # // ...Thank you once more @matusf
Describe the bug Making a POST request on
/auth/token/revokewith specific payload causes internal server errorTo Reproduce Hi, I was fuzzing vault and found this bug. To reproduce it, just run
vault server -devand make a request. The request is described in enclosed zip (single JSON file inside). The JSON has also thecurlformated of the request, however, the request contains some wild unicode characters that your terminal may not like (at least mine does not :smile:). Therefore is better to use theresenderutility that I made (along with the fuzzer). You may find it in my repo (github.com/matusf/openapi-fuzzer), with all installation instructions. Basically just runopenapi-fuzzer-resender file.jsonto make the request.auth-token-revoke.zip In the request is vault token supplied in the headers, however, it's not needed to reproduce this crash.
See error from request:
{"errors":["no namespace"]}In logs:This issue might be related to #11306 and #11308 as there is the same response & log message.
Expected behavior Response with non 500 status code.
Environment:
vault status):vault version):Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)