scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Transit: fix race in the key update api (#28839)

Browse Source 
- The key update API would release the lock a little too early
   after it persisted the update so the reference could be updated
   when it was preparing the response to the caller across updates
   and/or key rotations
 - The storage updates were okay, just the response back to the caller
   of the update might see a mixture of different updates
This commit is contained in:
Steven Clark
2024-11-05 14:41:09 -05:00
committed by GitHub
parent c855f6e982
commit 752bb08664
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
builtin/logical/transit/path_keys.go
View File

@@ -260,9 +260,10 @@ func (b *backend) pathPolicyWrite(ctx context.Context, req *logical.Request, d *
if p == nil { if p == nil {
return nil, fmt.Errorf("error generating key: returned policy was nil") return nil, fmt.Errorf("error generating key: returned policy was nil")
} }
if b.System().CachingDisabled() { if !b.System().CachingDisabled() {
p.Unlock() p.Lock(true)
} }
defer p.Unlock()
resp, err := b.formatKeyPolicy(p, nil) resp, err := b.formatKeyPolicy(p, nil)
if err != nil { if err != nil {

3
changelog/28839.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update
```