Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln: govulncheck: panic on a nil types.Object #66130

Closed
paoloteti opened this issue Mar 6, 2024 · 6 comments
Closed

x/vuln: govulncheck: panic on a nil types.Object #66130

paoloteti opened this issue Mar 6, 2024 · 6 comments
Assignees
@zpavlinovic
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@paoloteti
Copy link

Go version

go version go1.22.0 windows/amd64

Output of go env in your module/workspace:

set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\pteti\AppData\Local\go-build
set GOENV=C:\Users\pteti\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\pteti\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\pteti\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:\Users\pteti\go\pkg\mod\golang.org\toolchain@v0.0.1-go1.22.0.windows-amd64
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLCHAIN=auto
set GOTOOLDIR=C:\Users\pteti\go\pkg\mod\golang.org\toolchain@v0.0.1-go1.22.0.windows-amd64\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.22.0
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\repos\alstom.com\new\estclient\go.mod
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=C:\Users\pteti\AppData\Local\Temp\go-build931439042=/tmp/go-build -gno-record-gcc-switches

What did you do?

Scanner: govulncheck@v1.0.4

Run scanner as govulncheck.exe ./...

What did you see happen?

Scanning your code and 220 packages across 30 dependent modules for known vulnerabilities...

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x28 pc=0x131c6fa]

goroutine 2938 [running]:
golang.org/x/tools/go/ssa.memberFromObject(0xc015d38980, {0x0, 0x0?}, {0x0, 0x0}, {0x0, 0x0})
        C:/Users/pteti/go/pkg/mod/golang.org/x/tools@v0.17.0/go/ssa/create.go:55 +0x5a
golang.org/x/tools/go/ssa.membersFromDecl(0xc015d38980, {0x14f6d90?, 0xc00d280240?}, {0x0, 0x0})
        C:/Users/pteti/go/pkg/mod/golang.org/x/tools@v0.17.0/go/ssa/create.go:161 +0x485
golang.org/x/tools/go/ssa.(*Program).CreatePackage(0xc009f6a0d0, 0xc012463260, {0xc011f95740, 0x1, 0x1}, 0xc012461e50, 0x0)    
        C:/Users/pteti/go/pkg/mod/golang.org/x/tools@v0.17.0/go/ssa/create.go:250 +0x865
golang.org/x/vuln/internal/vulncheck.buildSSA({0xc011f95810, 0x1, 0xc0002c1f90?}, 0xc000038900)
        C:/Users/pteti/go/pkg/mod/golang.org/x/vuln@v1.0.4/internal/vulncheck/utils.go:54 +0x45a
golang.org/x/vuln/internal/vulncheck.source.func1()
        C:/Users/pteti/go/pkg/mod/golang.org/x/vuln@v1.0.4/internal/vulncheck/source.go:54 +0x8f
created by golang.org/x/vuln/internal/vulncheck.source in goroutine 6
        C:/Users/pteti/go/pkg/mod/golang.org/x/vuln@v1.0.4/internal/vulncheck/source.go:52 +0x28e

What did you expect to see?

No panic
@zpavlinovic
Copy link
Contributor

Do you have reproduction steps? I am wondering if this also happens on linux and darwin.

@mknyszek
Copy link
Contributor

mknyszek commented Mar 6, 2024
edited

CC @golang/vulndb

@mknyszek mknyszek added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Mar 6, 2024
@mknyszek mknyszek modified the milestones: Backlog, Unreleased Mar 6, 2024
@mknyszek mknyszek changed the title govulncheck: panic on a nil types.Object x/vuln: govulncheck: panic on a nil types.Object Mar 6, 2024
@mknyszek mknyszek modified the milestones: Unreleased, vuln/unplanned Mar 6, 2024
@adonovan
Copy link
Member

adonovan commented Mar 6, 2024

This is almost certainly a dup of #65608 and #65590.

@paoloteti
Copy link
Author

@zpavlinovic I don't had time to write a minimal version, but the the file is small, so here it is:

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"flag"
	"fmt"
	"os"
	"path/filepath"

	"github.com/thales-e-security/estclient"
)

// VERSION is the current software version
const VERSION = "0.1.0"

// gitCommit equal to 'git describe' output (injected at build time)
var gitCommit string

func usage() {
	if gitCommit != "" {
		fmt.Printf("estclient version %s (commit %s)\n\n", VERSION, gitCommit)
	} else {
		fmt.Printf("estclient version %s\n\n", VERSION)
	}
	fmt.Printf("Usage: %s [options]\n", filepath.Base(os.Args[0]))
	flag.PrintDefaults()
}

func main() {
	var (
		cert         *x509.Certificate
		enrolledCert *x509.Certificate
		template     *x509.CertificateRequest

		showHelp   = flag.Bool("h", false, "Show help message")
		secret     = flag.String("pass", "", "HTTP base auth password")
		id         = flag.String("user", "", "HTTP base auth user")
		skipVerify = flag.Bool("skipverify", false, "Accept any TLS server certificate presented by the server")
		server     = flag.String("server", "127.0.0.1:8443", "EST server")
		certs      = flag.String("certs", "", "TLS certificate")
		reenroll   = flag.Bool("reenroll", false, "Re-enroll with EST CA")
		outfile    = flag.String("out", "out.der", "Output DER certificate name")
		csr        = flag.String("csr", "", "Use CSR request from a file")
		keybits    = flag.Int("bits", 2048, "Key length (in bits)")
		verbose    = flag.Bool("verbose", false, "Enable verbose mode")
	)

	flag.Usage = usage
	flag.Parse()

	if *showHelp {
		usage()
		os.Exit(1)
	}

	if *reenroll && *certs == "" {
		fmt.Println("certs option is mandatory using reenroll")
		os.Exit(1)
	}

	if *certs != "" {
		der, err := os.ReadFile(*certs)
		if err != nil {
			fmt.Printf("Cannot open %s: %v", *certs, err)
			os.Exit(1)
		}

		cert, err = x509.ParseCertificate(der)
		if err != nil {
			fmt.Printf("Cannot parse x509 certificate %s: %v\n", *certs, err)
			os.Exit(1)
		}
	}

	opt := estclient.ClientOptions{
		InsecureSkipVerify: *skipVerify,
		TLSTrustAnchor:     cert,
	}
	client := estclient.NewEstClientWithOptions(*server, opt)

	cacerts, err := client.CaCerts()
	if err != nil {
		fmt.Printf("Cannot retrieve CA certs: %v\n", err)
		os.Exit(1)
	}

	if *verbose {
		fmt.Printf("EST Root Certificate: %+v\n", cacerts.EstTA.Subject)
	}

	// Create key and certificate request
	key, err := rsa.GenerateKey(rand.Reader, *keybits)
	if err != nil {
		fmt.Printf("Cannot create key and certificate request: %v\n", err)
		os.Exit(1)
	}

	if *csr == "" {
		template = &x509.CertificateRequest{Subject: pkix.Name{CommonName: "EST"}}
	} else {
		data, err := os.ReadFile(*csr)
		if err != nil {
			fmt.Printf("Cannot read CSR file: %v\n", err)
			os.Exit(1)
		}

		if b, _ := pem.Decode(data); b == nil {
			template, err = x509.ParseCertificateRequest(data)
		} else {
			template, err = x509.ParseCertificateRequest(b.Bytes)
		}
		if err != nil {
			fmt.Printf("Cannot build CSR: %v\n", err)
			os.Exit(1)
		}
	}

	raw, err := x509.CreateCertificateRequest(rand.Reader, template, key)
	if err != nil {
		fmt.Printf("Cannot create CSR: %v\n", err)
		os.Exit(1)
	}

	certReq, err := x509.ParseCertificateRequest(raw)
	if err != nil {
		fmt.Printf("Cannot parse CSR: %v\n", err)
		os.Exit(1)
	}

	if !*reenroll {
		// Enroll with EST CA
		authData := estclient.AuthData{ID: id, Secret: secret}
		enrolledCert, err = client.SimpleEnroll(authData, certReq)
		if err != nil {
			fmt.Printf("Cannot enroll certificate: %v\n", err)
			os.Exit(1)
		}
	} else {
		// Re-enroll with EST CA
		authData := estclient.AuthData{ID: id, Secret: secret, Key: key, ClientCert: cert}
		enrolledCert, err = client.SimpleReenroll(authData, certReq)
		if err != nil {
			fmt.Printf("Cannot re-enroll with EST CA: %v\n", err)
			os.Exit(1)
		}
	}

	if err := os.WriteFile(*outfile, enrolledCert.Raw, 0644); err != nil {
		fmt.Printf("Cannot create %s: %v\n", *outfile, err)
	}
}

@paoloteti
Copy link
Author

I switched to go1.22.1 + govulncheck@v1.0.4 under Windows 11 /amd64 and this issue disappear.

@zpavlinovic zpavlinovic self-assigned this Mar 26, 2024
@zpavlinovic
Copy link
Contributor

Yes, recompiling govulncheck with go1.22+ is the fix in this case. More here #65590.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zpavlinovic zpavlinovic

Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
4 participants
@zpavlinovic @mknyszek @adonovan @paoloteti