From 59bc3f9336e344c6e4e5aaed27d8021c32a2abe2 Mon Sep 17 00:00:00 2001 From: Matcha Date: Fri, 20 Sep 2024 13:56:25 +0200 Subject: [PATCH] fix(gokrb5.config): do not panic on auth_to_local* Extended: Also improve error reporting when we encounter incomplete parser situations. Now, if we are in an unhandled parser situation, we will return an explicit error instead of panicking on an IndexError. Previous situation: passing an "auth_to_local" directive caused a Panic when doing v := strings.TrimSpace(p[1]) --- config/krb5conf.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/config/krb5conf.go b/config/krb5conf.go index 8efe92d8..13b4133f 100644 --- a/config/krb5conf.go +++ b/config/krb5conf.go @@ -352,6 +352,10 @@ func (r *Realm) parseLines(name string, lines []string) (err error) { ignore = true err = UnsupportedDirective{"v4 configurations are not supported"} } + if strings.Contains(line, "auth_to_local") { + ignore = true + err = UnsupportedDirective{"auth_to_local* configurations are not supported"} + } if strings.Contains(line, "{") { c++ if ignore { @@ -371,7 +375,11 @@ func (r *Realm) parseLines(name string, lines []string) (err error) { continue } } + if !strings.Contains(line, "=") { + return InvalidErrorf( + "gokrb5.config.krb5conf.Realm.parseLines: abnormal parser situation, probably unsupported config directive for realm %s", r.Realm) + } p := strings.Split(line, "=") key := strings.TrimSpace(strings.ToLower(p[0])) v := strings.TrimSpace(p[1]) @@ -476,6 +484,11 @@ func (d *DomainRealm) parseLines(lines []string) error { if !strings.Contains(line, "=") { return InvalidErrorf("realm line (%s)", line) } + if !strings.Contains(line, "=") { + return InvalidErrorf( + "gokrb5.config.krb5conf.DomainRealm.parseLines: abnormal parser situation, probably unsupported config directive in DomainRealm section %s", strings.Join(lines, "\n")) + + } p := strings.Split(line, "=") domain := strings.TrimSpace(strings.ToLower(p[0])) realm := strings.TrimSpace(p[1])