From b49683a40b3b3f8fceb911e8b04e1bf0132f7b16 Mon Sep 17 00:00:00 2001
From: Armon Dadgar <armon.dadgar@gmail.com>
Date: Mon, 29 Jun 2015 17:16:17 -0700
Subject: [PATCH] audit: fixing panic caused by tls connection state. Fixes
 #322

---
 builtin/audit/file/backend.go   | 20 ++++++++++++++++++++
 builtin/audit/syslog/backend.go | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/builtin/audit/file/backend.go b/builtin/audit/file/backend.go
index d99010daba..9c95dd3ea8 100644
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@@ -53,6 +53,16 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
 		return err
 	}
 	if !b.LogRaw {
+		// Before we copy the structure we must nil out some data
+		// otherwise we will cause reflection to panic and die
+		if req.Connection != nil && req.Connection.ConnState != nil {
+			origState := req.Connection.ConnState
+			req.Connection.ConnState = nil
+			defer func() {
+				req.Connection.ConnState = origState
+			}()
+		}
+
 		// Copy the structures
 		cp, err := copystructure.Copy(auth)
 		if err != nil {
@@ -88,6 +98,16 @@ func (b *Backend) LogResponse(
 		return err
 	}
 	if !b.LogRaw {
+		// Before we copy the structure we must nil out some data
+		// otherwise we will cause reflection to panic and die
+		if req.Connection != nil && req.Connection.ConnState != nil {
+			origState := req.Connection.ConnState
+			req.Connection.ConnState = nil
+			defer func() {
+				req.Connection.ConnState = origState
+			}()
+		}
+
 		// Copy the structure
 		cp, err := copystructure.Copy(auth)
 		if err != nil {
diff --git a/builtin/audit/syslog/backend.go b/builtin/audit/syslog/backend.go
index 79f6eb740f..cf3c6ceaa0 100644
--- a/builtin/audit/syslog/backend.go
+++ b/builtin/audit/syslog/backend.go
@@ -54,6 +54,16 @@ type Backend struct {
 
 func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr error) error {
 	if !b.logRaw {
+		// Before we copy the structure we must nil out some data
+		// otherwise we will cause reflection to panic and die
+		if req.Connection != nil && req.Connection.ConnState != nil {
+			origState := req.Connection.ConnState
+			req.Connection.ConnState = nil
+			defer func() {
+				req.Connection.ConnState = origState
+			}()
+		}
+
 		// Copy the structures
 		cp, err := copystructure.Copy(auth)
 		if err != nil {
@@ -91,6 +101,16 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
 func (b *Backend) LogResponse(auth *logical.Auth, req *logical.Request,
 	resp *logical.Response, err error) error {
 	if !b.logRaw {
+		// Before we copy the structure we must nil out some data
+		// otherwise we will cause reflection to panic and die
+		if req.Connection != nil && req.Connection.ConnState != nil {
+			origState := req.Connection.ConnState
+			req.Connection.ConnState = nil
+			defer func() {
+				req.Connection.ConnState = origState
+			}()
+		}
+
 		// Copy the structure
 		cp, err := copystructure.Copy(auth)
 		if err != nil {