Fix panic in app dialing #42719

Merged
rosstimothy merged 2 commits into master from tross/app_panic
Jun 11, 2024

@rosstimothy rosstimothy commented Jun 10, 2024

#35501 incorrectly checked the length on the local `servers` variable instead of `t.c.servers`, which could lead to panics like the one below.

```
panic: runtime error: slice bounds out of range [1:0]
goroutine 6558252 [running]:
github.com/gravitational/teleport/lib/web/app.(*transport).DialContext(0xc00296d5f0, {0xae8bbd8, 0xc002596a20}, {0x42c525?, 0xc001dc4d80?}, {0x120?, 0x118?})
    github.com/gravitational/teleport/lib/web/app/transport.go:264 +0x5dc
net/http.(*Transport).dial(0xc002596a20?, {0xae8bbd8?, 0xc002596a20?}, {0x92ff0a2?, 0x4e4fc13?}, {0xc000b8dfc0?, 0xc00226f000?})
    net/http/transport.go:1183 +0xd2
net/http.(*Transport).dialConn(0xc002f9cb40, {0xae8bbd8, 0xc002596a20}, {{}, 0x0, {0x9301a85, 0x5}, {0xc000b8dfc0, 0x1a}, 0x0})
    net/http/transport.go:1625 +0x7e8
net/http.(*Transport).dialConnFor(0xae8bc10?, 0xc003340370)
    net/http/transport.go:1467 +0x9f
created by net/http.(*Transport).queueForDial in goroutine 6562349
    net/http/transport.go:1436 +0x3cb
```

changelog: Prevent a panic in the Proxy when accessing an offline application

@rosstimothy rosstimothy marked this pull request as ready for review June 10, 2024 20:35
@github-actions github-actions Bot requested review from lxea and ravicious June 10, 2024 20:36
Comment thread lib/web/app/transport.go Outdated
Comment on lines 389 to 390
// eliminate any servers from the head of the list that were unreachable
t.mu.Lock()
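
Review bot: the comment above `t.mu.Lock()` says what is removed but not what the mutex guards or how the number of entries to drop is bounded. Since the panic in the description is a `[1:0]` slice-bounds failure, state next to the lock that the count must be compared with `len(t.c.servers)` while the lock is held, and make that comparison after this line rather than before it.
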
Contributor

What if some other concurrent call to DialContext already eliminated some servers from the head of t.c.servers? Is there some external synchronization to prevent that?

Contributor Author

I think that's likely a problem this code would run into with or without this change though. I could add some check that if the length of the two servers slices didn't match to just abort modifying things this time around.

Contributor

I can't tell if t.c.servers is ever externally modified; if not, I guess that a length check would work?

Is t.c.servers ordered in some way? Does it have some uniqueness guarantee?

Contributor Author

Each session populates t.c.servers a single time via https://github.com/gravitational/teleport/blob/master/lib/web/app/match.go#L47-L65. Any matching servers for the session are randomly shuffled. The only place t.c.servers should be modified after the session has been created is when removing them here.
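
The failure mode discussed in this thread, replayed deterministically as an added example (not Teleport's code and not part of this PR): `pool`, `trimStale`, `trimLive` and `replay` are hypothetical names, and the server names are constructed. Validating the trim count against a stale local copy reproduces the `[1:0]` panic after another call has already emptied the shared list; validating it against the shared slice under the lock does not.

```go
package main

import (
	"fmt"
	"sync"
)

// pool is a hypothetical stand-in for a session's shared server list.
type pool struct {
	mu      sync.Mutex
	servers []string
}

// trimStale validates n against the caller's earlier copy, not the shared list.
func (p *pool) trimStale(snap []string, n int) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if n <= len(snap) {
		p.servers = p.servers[n:] // panics when the shared list is shorter than n
	}
}

// trimLive clamps n to the shared list's current length under the lock.
func (p *pool) trimLive(n int) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if n > len(p.servers) {
		n = len(p.servers)
	}
	p.servers = p.servers[n:]
}

// replay: call 1 copies the list, call 2 removes both servers, call 1 trims one.
func replay(live bool) (panicked bool, left int) {
	p := &pool{servers: []string{"app-a", "app-b"}} // constructed sample
	defer func() { panicked, left = recover() != nil, len(p.servers) }()
	snap := append([]string(nil), p.servers...)
	p.trimLive(2)
	if live {
		p.trimLive(1)
	} else {
		p.trimStale(snap, 1)
	}
	return
}

func main() {
	fmt.Println(replay(false)) // stale check: true 0
	fmt.Println(replay(true))  // live check: false 0
}
```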

@rosstimothy rosstimothy requested a review from espadolini June 11, 2024 14:16
@gravitational gravitational deleted a comment from github-actions Bot Jun 11, 2024
@gravitational gravitational deleted a comment from github-actions Bot Jun 11, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from lxea June 11, 2024 16:41
@rosstimothy rosstimothy added this pull request to the merge queue Jun 11, 2024
Merged via the queue into master with commit 09f2310 Jun 11, 2024
@rosstimothy rosstimothy deleted the tross/app_panic branch June 11, 2024 17:38
@public-teleport-github-review-bot

@rosstimothy See the table below for backport results.

| Branch | Result |
|---|---|
| branch/v14 | Create PR |
| branch/v15 | Create PR |
| branch/v16 | Create PR |
