fix approle login IPBelongsToCIDRBlocksSlice err handling (#14107)
* fix approle login IPBelongsToCIDRBlocksSlice err handling

* add changelog entry
ccapurso authored Feb 16, 2022
1 parent c610e8f commit c27825a
Showing 2 changed files with 9 additions and 3 deletions.
9 changes: 6 additions & 3 deletions builtin/credential/approle/path_login.go
Expand Up @@ -178,11 +178,14 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
}

belongs, err := cidrutil.IPBelongsToCIDRBlocksSlice(req.Connection.RemoteAddr, entry.CIDRList)
if !belongs || err != nil {
if err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}

if !belongs {
return logical.ErrorResponse(fmt.Errorf(
"source address %q unauthorized through CIDR restrictions on the secret ID: %w",
"source address %q unauthorized through CIDR restrictions on the secret ID",
req.Connection.RemoteAddr,
err,
).Error()), nil
}
}
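Review bot: In the new `if err != nil` branch, `err.Error()` from `cidrutil.IPBelongsToCIDRBlocksSlice` is returned verbatim to a caller who has not yet authenticated, and it is labelled `logical.ErrInvalidRequest` even though the failure may come from the stored `entry.CIDRList` rather than from the request. The helper's error text is not visible here, so this is inferred, but if it quotes the CIDR entry it could not parse, the response would disclose part of the secret ID's source-address policy; consider a fixed message such as `return logical.ErrorResponse("failed to verify the CIDR restrictions set on the secret ID"), logical.ErrInvalidRequest` and log the detail server-side. In the `!belongs` branch nothing is wrapped any more, so `fmt.Errorf(...).Error()` can become `fmt.Sprintf(...)`. A regression test asserting the exact denial message for a non-matching source address would pin the fix; `pathLoginUpdate` starts and ends outside this hunk.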
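--- a/changelog/14107.txt
+++ b/changelog/14107.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+auth/approle: Fix wrapping of nil errors in `login` endpoint
+```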
