From 29836edf2bb224008bb9fc99511a391af0b4d38b Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Sat, 11 Sep 2021 12:48:41 +0200
Subject: [PATCH] fix a possible nil pointer dereference it can happen by upgrading from very old versions
---
 common/common_test.go | 20 ++++++++++++++++++++
 dataprovider/user.go | 28 +++++++++++++++++++++-------
 docker/README.md | 8 ++++----
 httpd/schema/openapi.yaml | 2 +-
 version/version.go | 2 +-
 vfs/folder.go | 28 +++++++++++++++++++++-------
 6 files changed, 68 insertions(+), 20 deletions(-)
diff --git a/common/common_test.go b/common/common_test.go
index 70050e65e..4a95554c3 100644
--- a/common/common_test.go
+++ b/common/common_test.go
@@ -730,6 +730,26 @@ func TestParseAllowedIPAndRanges(t *testing.T) {
 assert.False(t, allow[1](net.ParseIP("172.16.1.1")))
 }
+func TestHideConfidentialData(t *testing.T) {
+ for _, provider := range []vfs.FilesystemProvider{vfs.S3FilesystemProvider, vfs.GCSFilesystemProvider,
+ vfs.AzureBlobFilesystemProvider, vfs.CryptedFilesystemProvider, vfs.SFTPFilesystemProvider} {
+ u := dataprovider.User{
+ FsConfig: vfs.Filesystem{
+ Provider: provider,
+ },
+ }
+ u.PrepareForRendering()
+ f := vfs.BaseVirtualFolder{
+ FsConfig: vfs.Filesystem{
+ Provider: provider,
+ },
+ }
+ f.PrepareForRendering()
+ }
+ a := dataprovider.Admin{}
+ a.HideConfidentialData()
+}
+
 func BenchmarkBcryptHashing(b *testing.B) {
 bcryptPassword := "bcryptpassword"
 for i := 0; i < b.N; i++ {
diff --git a/dataprovider/user.go b/dataprovider/user.go
index a1789a01f..6352d114b 100644
--- a/dataprovider/user.go
+++ b/dataprovider/user.go
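Review bot: `TestHideConfidentialData` in common/common_test.go makes no assertion, so it only shows that `PrepareForRendering` and `HideConfidentialData` do not panic on nil secrets; it would still pass if a guard were written the wrong way round and a populated secret stayed visible. Judging by the names, this is the path that strips credentials before an object is rendered, so a second loop that sets each secret and asserts it is hidden afterwards would pin the behaviour that matters. The intent should also be stated above the function: `// TestHideConfidentialData checks that rendering users, folders and admins whose secrets are nil does not panic.`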
@@ -344,17 +344,31 @@ func (u *User) hideConfidentialData() {
 u.Password = ""
 switch u.FsConfig.Provider {
 case vfs.S3FilesystemProvider:
- u.FsConfig.S3Config.AccessSecret.Hide()
+ if u.FsConfig.S3Config.AccessSecret != nil {
+ u.FsConfig.S3Config.AccessSecret.Hide()
+ }
 case vfs.GCSFilesystemProvider:
- u.FsConfig.GCSConfig.Credentials.Hide()
+ if u.FsConfig.GCSConfig.Credentials != nil {
+ u.FsConfig.GCSConfig.Credentials.Hide()
+ }
 case vfs.AzureBlobFilesystemProvider:
- u.FsConfig.AzBlobConfig.AccountKey.Hide()
- u.FsConfig.AzBlobConfig.SASURL.Hide()
+ if u.FsConfig.AzBlobConfig.AccountKey != nil {
+ u.FsConfig.AzBlobConfig.AccountKey.Hide()
+ }
+ if u.FsConfig.AzBlobConfig.SASURL != nil {
+ u.FsConfig.AzBlobConfig.SASURL.Hide()
+ }
 case vfs.CryptedFilesystemProvider:
- u.FsConfig.CryptConfig.Passphrase.Hide()
+ if u.FsConfig.CryptConfig.Passphrase != nil {
+ u.FsConfig.CryptConfig.Passphrase.Hide()
+ }
 case vfs.SFTPFilesystemProvider:
- u.FsConfig.SFTPConfig.Password.Hide()
- u.FsConfig.SFTPConfig.PrivateKey.Hide()
+ if u.FsConfig.SFTPConfig.Password != nil {
+ u.FsConfig.SFTPConfig.Password.Hide()
+ }
+ if u.FsConfig.SFTPConfig.PrivateKey != nil {
+ u.FsConfig.SFTPConfig.PrivateKey.Hide()
+ }
 }
 }
diff --git a/docker/README.md b/docker/README.md
index 2c682fc6a..99c2de0e4 100644
--- a/docker/README.md
+++ b/docker/README.md
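Review bot: The seven `!= nil` guards added to `(*User).hideConfidentialData` are repeated line for line in `(*BaseVirtualFolder).hideConfidentialData` (the vfs/folder.go hunk), so a secret field added later to either switch can miss its guard and bring the panic back in the code that redacts credentials. Both functions switch on `FsConfig.Provider` over the same `vfs.Filesystem` fields, so one method on that type, called from both, would keep the guards in a single place. With the guards present that method no longer needs the switch: hiding every non-nil secret whatever the selected provider is safe, and it also covers a record that still carries a secret for a provider other than the active one; whether such records can exist is not visible from this hunk. The signature line of the function sits in the `@@` header, just above the hunk.

```go
// HideConfidentialData hides every secret that is set, whatever the selected provider.
func (f *Filesystem) HideConfidentialData() {
	if f.S3Config.AccessSecret != nil {
		f.S3Config.AccessSecret.Hide()
	}
	// … same guard for GCSConfig.Credentials, AzBlobConfig.AccountKey, AzBlobConfig.SASURL,
	//   CryptConfig.Passphrase, SFTPConfig.Password and SFTPConfig.PrivateKey …
}

func (u *User) hideConfidentialData() {
	u.Password = ""
	u.FsConfig.HideConfidentialData()
}
```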
@@ -4,10 +4,10 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h
 ## Supported tags and respective Dockerfile links
-- [v2.1.1, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile)
-- [v2.1.1-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile.alpine)
-- [v2.1.1-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile)
-- [v2.1.1-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.1/Dockerfile.alpine)
+- [v2.1.2, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
+- [v2.1.2-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
 - [edge](../Dockerfile)
 - [edge-alpine](../Dockerfile.alpine)
 - [edge-slim](../Dockerfile)
diff --git a/httpd/schema/openapi.yaml b/httpd/schema/openapi.yaml
index d98f24083..4b00da099 100644
--- a/httpd/schema/openapi.yaml
+++ b/httpd/schema/openapi.yaml
@@ -17,7 +17,7 @@ info:
 Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one. SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
- version: 2.1.1
+ version: 2.1.2
 contact:
 name: API support
 url: 'https://github.com/drakkan/sftpgo'
diff --git a/version/version.go b/version/version.go
index 58096991c..d760dbe55 100644
--- a/version/version.go
+++ b/version/version.go
@@ -2,7 +2,7 @@ package version
 import "strings"
-const version = "2.1.1"
+const version = "2.1.2"
 var (
 commit = ""
diff --git a/vfs/folder.go b/vfs/folder.go
index 73090afb5..8f332b1f7 100644
--- a/vfs/folder.go
+++ b/vfs/folder.go
@@ -103,17 +103,31 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool {
 func (v *BaseVirtualFolder) hideConfidentialData() {
 switch v.FsConfig.Provider {
 case S3FilesystemProvider:
- v.FsConfig.S3Config.AccessSecret.Hide()
+ if v.FsConfig.S3Config.AccessSecret != nil {
+ v.FsConfig.S3Config.AccessSecret.Hide()
+ }
 case GCSFilesystemProvider:
- v.FsConfig.GCSConfig.Credentials.Hide()
+ if v.FsConfig.GCSConfig.Credentials != nil {
+ v.FsConfig.GCSConfig.Credentials.Hide()
+ }
 case AzureBlobFilesystemProvider:
- v.FsConfig.AzBlobConfig.AccountKey.Hide()
- v.FsConfig.AzBlobConfig.SASURL.Hide()
+ if v.FsConfig.AzBlobConfig.AccountKey != nil {
+ v.FsConfig.AzBlobConfig.AccountKey.Hide()
+ }
+ if v.FsConfig.AzBlobConfig.SASURL != nil {
+ v.FsConfig.AzBlobConfig.SASURL.Hide()
+ }
 case CryptedFilesystemProvider:
- v.FsConfig.CryptConfig.Passphrase.Hide()
+ if v.FsConfig.CryptConfig.Passphrase != nil {
+ v.FsConfig.CryptConfig.Passphrase.Hide()
+ }
 case SFTPFilesystemProvider:
- v.FsConfig.SFTPConfig.Password.Hide()
- v.FsConfig.SFTPConfig.PrivateKey.Hide()
+ if v.FsConfig.SFTPConfig.Password != nil {
+ v.FsConfig.SFTPConfig.Password.Hide()
+ }
+ if v.FsConfig.SFTPConfig.PrivateKey != nil {
+ v.FsConfig.SFTPConfig.PrivateKey.Hide()
+ }
 }
 }