search

linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
https://linkerd.io
Apache License 2.0
10.71k stars 1.28k forks source link

fix(destination): avoid panic on missing managed fields timestamp #13378

Closed olix0r closed 3 days ago

olix0r commented 3 days ago

We received a report of a panic:

runtime error: invalid memory address or nil pointer dereference

panic({0x1edb860?, 0x37a6050?}
    /usr/local/go/src/runtime/panic.go:785 +0x132

github.com/linkerd/linkerd2/controller/api/destination/watcher.latestUpdated({0xc0006b2d80?, 0xc00051a540?, 0xc0008fa008?})
    /linkerd-build/vendor/github.com/linkerd/linkerd2/controller/api/destination/watcher/endpoints_watcher.go:1612 +0x125

github.com/linkerd/linkerd2/controller/api/destination/watcher.(*OpaquePortsWatcher).updateService(0xc0007d5480, {0x21fd160?, 0xc000d71688?}, {0x21fd160, 0xc000d71688})
    /linkerd-build/vendor/github.com/linkerd/linkerd2/controller/api/destination/watcher/opaque_ports_watcher.go:141 +0x68

The latestUpdated function does not properly handle the case where a time is omitted from a ManagedFieldsEntry.

type ManagedFieldsEntry struct {
    // Time is the timestamp of when the ManagedFields entry was added. The
    // timestamp will also be updated if a field is added, the manager
    // changes any of the owned fields value or removes a field. The
    // timestamp does not update when a field is removed from the entry
    // because another manager took it over.
    // +optional
    Time *Time `json:"time,omitempty" protobuf:"bytes,4,opt,name=time"`

This change adds a check to avoid the nil dereference.