We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ctrl_body_cb doesn't check resp->body before copying into it, and it is possible for it to be null.
One way to trigger this is by attempting to enroll an ER identity:
ziti edge create er --jwt er.jwt
sample_enroll er.jwt er.json (21902)[ 0.000] INFO ziti-sdk:utils.c:201 ziti_log_set_level() set log level: root=6/TRACE (21902)[ 0.000] INFO ziti-sdk:utils.c:172 ziti_log_init() Ziti C SDK version 0.36.11.1 @b35d0e8(gcc.14) starting at (2024-05-01T14:10:39.886) (21902)[ 0.000] DEBUG ziti-sdk:zitilib.c:1010 looper() loop is starting (21902)[ 0.001] INFO ziti-sdk:ziti_enroll.c:90 ziti_enroll() Ziti C SDK version 0.36.11.1 @b35d0e8(gcc.14) starting enrollment at (2024-05-01T14:10:39.887) (21902)[ 0.001] VERBOSE ziti-sdk:jwt.c:100 load_jwt_content() jwt file content is: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdmNDg5YjQwNWIxNjUyOTRjYWMzZGFhMzg2MzE4ZjI2YmIzOWUxMTEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3NoYXducy1tMS1tYnAubG9jYWxkb21haW46MTI4MCIsInN1YiI6IkxKNkhDb2hySiIsImF1ZCI6WyIiXSwiZXhwIjoxNzE0NjU5MDMzLCJqdGkiOiJjNjZjNDc4My01ZGJhLTQ4MTctOTcyZS1jZTRlYWFmMDA0OGMiLCJlbSI6ImVyb3R0In0.T1OZ8XiR5W5JmTV-xEztucqMoiuUcTuHpQQMSSGKUBAYUXKITeYNIdqVAbVoTC-wZaUhndhsy1LIJPTBkCuTTxCKMcEFGCavSjy1A1zr_UNv0Uw0pb0I4zL80Ai0gF70cr0RNLLDHnqIojADGfEBbchz--3pIS8hZ10tVjsV3OUIp1jr1UM4CLc2b7WGfvjXMtQunhXo82yOBDU-KS33d5mK3yuTUwiMIrDfMzuXSVwsOxg6ZoyszVd_9Cx_7g2pbzoIaDfLvDBx8O_ZPI7J0z4pp6olPkoObrIDGMcxvJlfmFjexJyfqb9xfBOuA_w_MhPvuRIj5pREXpbI8bTf_8rL6QSERV0pB1cSHPP_gZTHWpERmU8hvrFg3JG5J2il6fXSikwCmhZAojrCmK1kl6ZmeOVCpA-1FScrB8rTAoZZuiEElOVfQPOwrWJYap5kxjXkZ0sD9uZyIZEriWI1d1hAzHymseKw1s97Scpvh6gbUprX8Xem90vrS-wM-BtfFz54iNhQ1PIFqZ_EFwf1Ok83Wbs-IZm59JztkKKo9Q99N-GoM2a-XYVAJiyr_0_roLeUaTjvt7c35nQuJlxfABnfy72HJAxQN16jsUvkEtp5i9vb4nNT-qCiFz_szAsBOq5xYFMiuNYQzgNSSqSNBgB5uKK3tohXMvaivfedfoM (21902)[ 0.001] DEBUG ziti-sdk:jwt.c:36 parse_jwt_content() ecfg->jwt_signing_input is: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdmNDg5YjQwNWIxNjUyOTRjYWMzZGFhMzg2MzE4ZjI2YmIzOWUxMTEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3NoYXducy1tMS1tYnAubG9jYWxkb21haW46MTI4MCIsInN1YiI6IkxKNkhDb2hySiIsImF1ZCI6WyIiXSwiZXhwIjoxNzE0NjU5MDMzLCJqdGkiOiJjNjZjNDc4My01ZGJhLTQ4MTctOTcyZS1jZTRlYWFmMDA0OGMiLCJlbSI6ImVyb3R0In0 (21902)[ 0.001] DEBUG tlsuv:base64.c:107 base64url_decode len is: 512 (21902)[ 0.001] DEBUG tlsuv:base64.c:107 base64url_decode len is: 76 (21902)[ 0.001] DEBUG tlsuv:base64.c:107 base64url_decode len is: 152 (21902)[ 0.001] DEBUG ziti-sdk:ziti_ctrl.c:415 ziti_ctrl_init() ctrl[shawns-m1-mbp.localdomain] ziti controller client initialized (21902)[ 0.001] VERBOSE ziti-sdk:ziti_ctrl.c:143 start_request() ctrl[shawns-m1-mbp.localdomain] starting GET[/.well-known/est/cacerts] (21902)[ 0.003] VERBOSE tlsuv:http.c:400 client not connected, starting connect sequence (21902)[ 0.003] DEBUG tlsuv:tcp_src.c:158 resolving 'shawns-m1-mbp.localdomain:1280' (21902)[ 0.006] TRACE tlsuv:tcp_src.c:99 resolved status = 0 (21902)[ 0.006] VERBOSE tlsuv:http.c:260 src connected status = 0 (21902)[ 0.006] TRACE tlsuv:tls_link.c:54 TLS(0x150f052d0) starting handshake(st = 0) (21902)[ 0.006] TRACE tlsuv:tls_link.c:243 io buffering 342 bytes (21902)[ 0.006] TRACE tlsuv:tls_link.c:66 TLS(0x150f052d0) started handshake(st = 1) (21902)[ 0.006] TRACE tlsuv:tls_link.c:223 flushing 342 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:75 TLS(0x150f052d0)[1]: 2438 (21902)[ 0.039] TRACE tlsuv:tls_link.c:101 TLS(0x150f052d0) continuing handshake(2438 bytes received) (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/2438 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 122/2433 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/2311 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 1/2306 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/2305 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 38/2300 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/2262 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 62/2257 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/2195 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 1590/2190 bytes (21902)[ 0.039] VERBOSE tlsuv:engine.c:643 verifying /C=US/L=Charlotte/O=NetFoundry/OU=ADV-DEV/CN=NetFoundry Inc. Server 0-b2UCUzs (21902)[ 0.039] DEBUG ziti-sdk:ziti_enroll.c:39 verify_controller_jwt() verifying JWT signature (21902)[ 0.039] DEBUG ziti-sdk:ziti_enroll.c:67 verify_controller_jwt() JWT verification succeeded! (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/600 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 537/595 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 5/58 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:281 read 53/53 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:243 io buffering 94 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:223 flushing 94 bytes (21902)[ 0.039] TRACE tlsuv:tls_link.c:106 TLS(0x150f052d0) handshake completed (21902)[ 0.039] TRACE tlsuv:http.c:186 handshake completed with alpn[http/1.1] (21902)[ 0.040] VERBOSE tlsuv:http.c:409 client connected, processing request[/.well-known/est/cacerts] state[0] (21902)[ 0.040] VERBOSE tlsuv:http.c:411 sending request[/.well-known/est/cacerts] headers (21902)[ 0.040] TRACE tlsuv:http.c:422 writing request >>> GET /.well-known/est/cacerts HTTP/1.1 Host: shawns-m1-mbp.localdomain Connection: keep-alive Accept-Encoding: gzip, deflate Accept: application/pkcs7-mime (21902)[ 0.040] TRACE tlsuv:tls_link.c:243 io buffering 184 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:223 flushing 184 bytes (21902)[ 0.040] VERBOSE tlsuv:http.c:430 sending request[/.well-known/est/cacerts] body (21902)[ 0.040] VERBOSE tlsuv:http.c:294 request write completed: 0 (21902)[ 0.040] TRACE tlsuv:tls_link.c:75 TLS(0x150f052d0)[2]: 2023 (21902)[ 0.040] TRACE tlsuv:tls_link.c:118 TLS(0x150f052d0) processing 2023 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 5/2023 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 139/2018 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 5/1879 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 1203/1874 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 5/671 bytes (21902)[ 0.040] TRACE tlsuv:tls_link.c:281 read 666/666 bytes (21902)[ 0.040] VERBOSE tlsuv:tls_link.c:132 TLS(0x150f052d0) produced 1835 application byte (rc=0) (21902)[ 0.040] TRACE tlsuv:http_req.c:77 processing 1835 bytes HTTP/1.1 200 OK Content-Encoding: gzip Content-Length: 1583 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime Server: ziti-controller/v0.0.0 Ziti-Instance-Id: clupewjw90000vvff3ncc8kl8 Date: Wed, 01 May 2024 14:10:39 GMT (21902)[ 0.040] VERBOSE tlsuv:http_req.c:359 status = 200 OK (21902)[ 0.040] VERBOSE tlsuv:http_req.c:318 headers complete (21902)[ 0.040] VERBOSE ziti-sdk:ziti_ctrl.c:178 ctrl_resp_cb() ctrl[shawns-m1-mbp.localdomain] received headers GET[/.well-known/est/cacerts] (21902)[ 0.040] VERBOSE tlsuv:http_req.c:369 message complete (21902)[ 0.040] VERBOSE ziti-sdk:ziti_enroll.c:142 well_known_certs_cb() base64_encoded_pkcs7 is: MIIGDwYJKoZIhvcNAQcCoIIGADCCBfwCAQExADALBgkqhkiG9w0BBwGgggXiMIIF 3jCCA8agAwIBAgIRAIhEvfP1YPTk6GuzN9DRLaIwDQYJKoZIhvcNAQELBQAweDEL MAkGA1UEBhMCVVMxEjAQBgNVBAcTCUNoYXJsb3R0ZTETMBEGA1UEChMKTmV0Rm91 bmRyeTEQMA4GA1UECxMHQURWLURFVjEuMCwGA1UEAxMlTmV0Rm91bmRyeSBJbmMu IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTgxOTI0NDNaFw0zMjExMTUx OTI1NDJaMHgxCzAJBgNVBAYTAlVTMRIwEAYDVQQHEwlDaGFybG90dGUxEzARBgNV BAoTCk5ldEZvdW5kcnkxEDAOBgNVBAsTB0FEVi1ERVYxLjAsBgNVBAMTJU5ldEZv dW5kcnkgSW5jLiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQC9hVu3YfEaRwaSDE8PEzJbGC+tWeRk0vAwEKyQj4XP xEJe8Wrw3vWFsvbLfQx4pc4DtFm/MfRkXzV71y1qRjYXPaJv0xxXbszqkwx+ZZSb BUm+MLjyfPJ1azN2nl261ET3k58NA4Epa/cAEV6m5/G2g7IxniLELLTvJKlrO5Hx LBSvTlx8dJgB/C8/3RGJsaAzTLjtCCNAhj+vtD7MvvIN0qA1qEGcj7n4pPibNLp2 SFTmKLJ/IDgcN4ISfW87eAsXVj/Jgm7hi+FBR7GhwzhO6T01Jph9YLZt6TSpxAR7 VRyYX9sJoxPm1JUkEcrrTKJ0vG9K2BopoTAJPv/M+BMdTqCcHCazewKc1Ea3hM3b /X4TOoD4ji2reKV15HZJYxld1sf0hs8ez2508uMa2YP+JQLzLa6W3gm4l90KAVS2 dzzzV44tOkUVzpV/uv6ikt1 (21902)[ 0.040] DEBUG ziti-sdk:ziti_enroll.c:155 well_known_certs_cb() CA PEM len = 2094 (21902)[ 0.040] TRACE ziti-sdk:ziti_enroll.c:156 well_known_certs_cb() CA PEM: -----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIRAIhEvfP1YPTk6GuzN9DRLaIwDQYJKoZIhvcNAQELBQAw eDELMAkGA1UEBhMCVVMxEjAQBgNVBAcTCUNoYXJsb3R0ZTETMBEGA1UEChMKTmV0 Rm91bmRyeTEQMA4GA1UECxMHQURWLURFVjEuMCwGA1UEAxMlTmV0Rm91bmRyeSBJ bmMuIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTgxOTI0NDNaFw0zMjEx MTUxOTI1NDJaMHgxCzAJBgNVBAYTAlVTMRIwEAYDVQQHEwlDaGFybG90dGUxEzAR BgNVBAoTCk5ldEZvdW5kcnkxEDAOBgNVBAsTB0FEVi1ERVYxLjAsBgNVBAMTJU5l dEZvdW5kcnkgSW5jLiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3 DQEBAQUAA4ICDwAwggIKAoICAQC9hVu3YfEaRwaSDE8PEzJbGC+tWeRk0vAwEKyQ j4XPxEJe8Wrw3vWFsvbLfQx4pc4DtFm/MfRkXzV71y1qRjYXPaJv0xxXbszqkwx+ ZZSbBUm+MLjyfPJ1azN2nl261ET3k58NA4Epa/cAEV6m5/G2g7IxniLELLTvJKlr O5HxLBSvTlx8dJgB/C8/3RGJsaAzTLjtCCNAhj+vtD7MvvIN0qA1qEGcj7n4pPib NLp2SFTmKLJ/IDgcN4ISfW87eAsXVj/Jgm7hi+FBR7GhwzhO6T01Jph9YLZt6TSp xAR7VRyYX9sJoxPm1JUkEcrrTKJ0vG9K2BopoTAJPv/M+BMdTqCcHCazewKc1Ea3 hM3b/X4TOoD4ji2reKV15HZJYxld1sf0hs8ez2508uMa2YP+JQLzLa6W3gm4l90K AVS2dzzzV44tOkUVzpV/uv6ikt1XVcc1Q7TGfI5r4n1Ka4XBQGjdVc9CxHH3j0T1 YBOjeRGvdP/j (21902)[ 0.040] DEBUG ziti-sdk:ziti_ctrl.c:415 ziti_ctrl_init() ctrl[shawns-m1-mbp.localdomain] ziti controller client initialized (21902)[ 0.040] VERBOSE ziti-sdk:ziti_ctrl.c:143 start_request() ctrl[shawns-m1-mbp.localdomain] starting POST[/enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c] (21902)[ 0.040] VERBOSE tlsuv:http_req.c:82 processed 1835 of 1835 (21902)[ 0.041] VERBOSE tlsuv:http.c:391 no more requests, scheduling idle(0) close (21902)[ 0.041] VERBOSE tlsuv:http.c:400 client not connected, starting connect sequence (21902)[ 0.041] DEBUG tlsuv:tcp_src.c:158 resolving 'shawns-m1-mbp.localdomain:1280' (21902)[ 0.041] VERBOSE tlsuv:http.c:376 idle timeout triggered (21902)[ 0.041] VERBOSE tlsuv:http.c:367 closing connection (21902)[ 0.041] TRACE tlsuv:tls_link.c:185 closing TLS link (21902)[ 0.043] TRACE tlsuv:tcp_src.c:99 resolved status = 0 (21902)[ 0.044] VERBOSE tlsuv:http.c:260 src connected status = 0 (21902)[ 0.044] TRACE tlsuv:tls_link.c:54 TLS(0x150e05750) starting handshake(st = 0) (21902)[ 0.044] TRACE tlsuv:tls_link.c:243 io buffering 342 bytes (21902)[ 0.044] TRACE tlsuv:tls_link.c:66 TLS(0x150e05750) started handshake(st = 1) (21902)[ 0.044] TRACE tlsuv:tls_link.c:223 flushing 342 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:75 TLS(0x150e05750)[1]: 2438 (21902)[ 0.052] TRACE tlsuv:tls_link.c:101 TLS(0x150e05750) continuing handshake(2438 bytes received) (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/2438 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 122/2433 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/2311 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 1/2306 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/2305 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 38/2300 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/2262 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 62/2257 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/2195 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 1590/2190 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/600 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 537/595 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/58 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 53/53 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:243 io buffering 94 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:223 flushing 94 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:106 TLS(0x150e05750) handshake completed (21902)[ 0.052] TRACE tlsuv:http.c:186 handshake completed with alpn[http/1.1] (21902)[ 0.052] VERBOSE tlsuv:http.c:409 client connected, processing request[/enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c] state[0] (21902)[ 0.052] VERBOSE tlsuv:http.c:411 sending request[/enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c] headers (21902)[ 0.052] TRACE tlsuv:http.c:422 writing request >>> POST /enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c HTTP/1.1 Content-Length: 0 Content-Type: application/json Host: shawns-m1-mbp.localdomain Connection: keep-alive Accept-Encoding: gzip, deflate Accept: application/json (21902)[ 0.052] TRACE tlsuv:tls_link.c:243 io buffering 294 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:223 flushing 294 bytes (21902)[ 0.052] VERBOSE tlsuv:http.c:430 sending request[/enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c] body (21902)[ 0.052] VERBOSE tlsuv:http.c:294 request write completed: 0 (21902)[ 0.052] TRACE tlsuv:tls_link.c:75 TLS(0x150e05750)[2]: 144 (21902)[ 0.052] TRACE tlsuv:tls_link.c:118 TLS(0x150e05750) processing 144 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/144 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 139/139 bytes (21902)[ 0.052] VERBOSE tlsuv:tls_link.c:132 TLS(0x150e05750) produced 0 application byte (rc=-3) (21902)[ 0.052] TRACE tlsuv:tls_link.c:75 TLS(0x150e05750)[2]: 149 (21902)[ 0.052] TRACE tlsuv:tls_link.c:118 TLS(0x150e05750) processing 149 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/149 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 120/144 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 5/24 bytes (21902)[ 0.052] TRACE tlsuv:tls_link.c:281 read 19/19 bytes (21902)[ 0.052] VERBOSE tlsuv:tls_link.c:132 TLS(0x150e05750) produced 103 application byte (rc=0) (21902)[ 0.052] TRACE tlsuv:http_req.c:77 processing 103 bytes HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close 400 Bad Request (21902)[ 0.052] VERBOSE tlsuv:http_req.c:359 status = 400 Bad Request (21902)[ 0.052] VERBOSE tlsuv:http_req.c:318 headers complete (21902)[ 0.052] VERBOSE ziti-sdk:ziti_ctrl.c:178 ctrl_resp_cb() ctrl[shawns-m1-mbp.localdomain] received headers POST[/enroll?method=unknown ziti_enrollment_method&token=c66c4783-5dba-4817-972e-ce4eaaf0048c] Exception: EXC_BAD_ACCESS (code=1, address=0x0)
btw it looks like the controller shouldn't be sending text/plain and/or no Content-Length, but the c sdk shouldn't crash regardless.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
ctrl_body_cb doesn't check resp->body before copying into it, and it is possible for it to be null.
One way to trigger this is by attempting to enroll an ER identity:
btw it looks like the controller shouldn't be sending text/plain and/or no Content-Length, but the c sdk shouldn't crash regardless.
The text was updated successfully, but these errors were encountered: