fix a possible nil pointer dereference

it can happen by upgrading from very old versions
drakkan · Sep 11, 2021 · 29836ed · 29836ed
1 parent 0ad6f03
commit 29836ed
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 20 deletions.
diff --git a/common/common_test.go b/common/common_test.go
@@ -730,6 +730,26 @@ func TestParseAllowedIPAndRanges(t *testing.T) {
 	assert.False(t, allow[1](net.ParseIP("172.16.1.1")))
 }
 
+func TestHideConfidentialData(t *testing.T) {
+	for _, provider := range []vfs.FilesystemProvider{vfs.S3FilesystemProvider, vfs.GCSFilesystemProvider,
+		vfs.AzureBlobFilesystemProvider, vfs.CryptedFilesystemProvider, vfs.SFTPFilesystemProvider} {
+		u := dataprovider.User{
+			FsConfig: vfs.Filesystem{
+				Provider: provider,
+			},
+		}
+		u.PrepareForRendering()
+		f := vfs.BaseVirtualFolder{
+			FsConfig: vfs.Filesystem{
+				Provider: provider,
+			},
+		}
+		f.PrepareForRendering()
+	}
+	a := dataprovider.Admin{}
+	a.HideConfidentialData()
+}
+
 func BenchmarkBcryptHashing(b *testing.B) {
 	bcryptPassword := "bcryptpassword"
 	for i := 0; i < b.N; i++ {

diff --git a/dataprovider/user.go b/dataprovider/user.go
@@ -344,17 +344,31 @@ func (u *User) hideConfidentialData() {
 	u.Password = ""
 	switch u.FsConfig.Provider {
 	case vfs.S3FilesystemProvider:
-		u.FsConfig.S3Config.AccessSecret.Hide()
+		if u.FsConfig.S3Config.AccessSecret != nil {
+			u.FsConfig.S3Config.AccessSecret.Hide()
+		}
 	case vfs.GCSFilesystemProvider:
-		u.FsConfig.GCSConfig.Credentials.Hide()
+		if u.FsConfig.GCSConfig.Credentials != nil {
+			u.FsConfig.GCSConfig.Credentials.Hide()
+		}
 	case vfs.AzureBlobFilesystemProvider:
-		u.FsConfig.AzBlobConfig.AccountKey.Hide()
-		u.FsConfig.AzBlobConfig.SASURL.Hide()
+		if u.FsConfig.AzBlobConfig.AccountKey != nil {
+			u.FsConfig.AzBlobConfig.AccountKey.Hide()
+		}
+		if u.FsConfig.AzBlobConfig.SASURL != nil {
+			u.FsConfig.AzBlobConfig.SASURL.Hide()
+		}
 	case vfs.CryptedFilesystemProvider:
-		u.FsConfig.CryptConfig.Passphrase.Hide()
+		if u.FsConfig.CryptConfig.Passphrase != nil {
+			u.FsConfig.CryptConfig.Passphrase.Hide()
+		}
 	case vfs.SFTPFilesystemProvider:
-		u.FsConfig.SFTPConfig.Password.Hide()
-		u.FsConfig.SFTPConfig.PrivateKey.Hide()
+		if u.FsConfig.SFTPConfig.Password != nil {
+			u.FsConfig.SFTPConfig.Password.Hide()
+		}
+		if u.FsConfig.SFTPConfig.PrivateKey != nil {
+			u.FsConfig.SFTPConfig.PrivateKey.Hide()
+		}
 	}
 }
 

diff --git a/docker/README.md b/docker/README.md
@@ -4,10 +4,10 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h
 
 ## Supported tags and respective Dockerfile links
 
-- [v2.1.1, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile)
-- [v2.1.1-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile.alpine)
-- [v2.1.1-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile)
-- [v2.1.1-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile.alpine)
+- [v2.1.2, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
+- [v2.1.2-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
 - [edge](../Dockerfile)
 - [edge-alpine](../Dockerfile.alpine)
 - [edge-slim](../Dockerfile)

diff --git a/httpd/schema/openapi.yaml b/httpd/schema/openapi.yaml
@@ -17,7 +17,7 @@ info:
     Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
     SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
     Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
-  version: 2.1.1
+  version: 2.1.2
   contact:
     name: API support
     url: 'https://github.com/drakkan/sftpgo'

diff --git a/version/version.go b/version/version.go
@@ -2,7 +2,7 @@ package version
 
 import "strings"
 
-const version = "2.1.1"
+const version = "2.1.2"
 
 var (
 	commit = ""

diff --git a/vfs/folder.go b/vfs/folder.go
@@ -103,17 +103,31 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool {
 func (v *BaseVirtualFolder) hideConfidentialData() {
 	switch v.FsConfig.Provider {
 	case S3FilesystemProvider:
-		v.FsConfig.S3Config.AccessSecret.Hide()
+		if v.FsConfig.S3Config.AccessSecret != nil {
+			v.FsConfig.S3Config.AccessSecret.Hide()
+		}
 	case GCSFilesystemProvider:
-		v.FsConfig.GCSConfig.Credentials.Hide()
+		if v.FsConfig.GCSConfig.Credentials != nil {
+			v.FsConfig.GCSConfig.Credentials.Hide()
+		}
 	case AzureBlobFilesystemProvider:
-		v.FsConfig.AzBlobConfig.AccountKey.Hide()
-		v.FsConfig.AzBlobConfig.SASURL.Hide()
+		if v.FsConfig.AzBlobConfig.AccountKey != nil {
+			v.FsConfig.AzBlobConfig.AccountKey.Hide()
+		}
+		if v.FsConfig.AzBlobConfig.SASURL != nil {
+			v.FsConfig.AzBlobConfig.SASURL.Hide()
+		}
 	case CryptedFilesystemProvider:
-		v.FsConfig.CryptConfig.Passphrase.Hide()
+		if v.FsConfig.CryptConfig.Passphrase != nil {
+			v.FsConfig.CryptConfig.Passphrase.Hide()
+		}
 	case SFTPFilesystemProvider:
-		v.FsConfig.SFTPConfig.Password.Hide()
-		v.FsConfig.SFTPConfig.PrivateKey.Hide()
+		if v.FsConfig.SFTPConfig.Password != nil {
+			v.FsConfig.SFTPConfig.Password.Hide()
+		}
+		if v.FsConfig.SFTPConfig.PrivateKey != nil {
+			v.FsConfig.SFTPConfig.PrivateKey.Hide()
+		}
 	}
 }