fix approle login IPBelongsToCIDRBlocksSlice err handling (#14107)

* fix approle login IPBelongsToCIDRBlocksSlice err handling

* add changelog entry
Chris Capurso 2022-02-16 16:30:11 -05:00 committed by GitHub
parent c610e8fa94
commit c27825a8a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 3 deletions


@ -178,11 +178,14 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
}
belongs, err := cidrutil.IPBelongsToCIDRBlocksSlice(req.Connection.RemoteAddr, entry.CIDRList)
if !belongs || err != nil {
if err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
if !belongs {
return logical.ErrorResponse(fmt.Errorf(
"source address %q unauthorized through CIDR restrictions on the secret ID: %w",
"source address %q unauthorized through CIDR restrictions on the secret ID",
req.Connection.RemoteAddr,
err,
).Error()), nil
}
}
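Review bot: The new `if err != nil` branch returns `err.Error()` verbatim to a caller who has not yet authenticated. That error comes from `cidrutil.IPBelongsToCIDRBlocksSlice`, whose message format is not visible here, so it may include the CIDR blocks stored on the secret ID. Consider a fixed response text such as `return logical.ErrorResponse("failed to verify the CIDR restrictions on the secret ID"), logical.ErrInvalidRequest`, with the detailed error recorded in the server log instead. With `%w` gone, the denial message in the `!belongs` branch no longer needs `fmt.Errorf(...).Error()`; `fmt.Sprintf` builds the same string more directly. Neither of the two changed files is a test, so a case with a malformed CIDR entry would pin the new branch; `pathLoginUpdate` begins and ends outside this hunk.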

3
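--- a/changelog/14107.txt
+++ b/changelog/14107.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+auth/approle: Fix wrapping of nil errors in `login` endpoint
+```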