From b6d425f0fa699c0ef8c412580a4417152fffe3f4 Mon Sep 17 00:00:00 2001 From: Balki <189196+balki@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:25:28 +0000 Subject: [PATCH] Fix panic when an invalid oauth2 name is passed (#20820) Backport #20820 When trying to access an invalid oauth2 link, we get an internal server error and can see a panic stack-trace in logs Example: Try to go to this url for a gitea installation https:///user/oauth2/DoesNotExist?redirect_to= It causes an internal server error Stack trace in log ``` 2022/08/17 01:26:50 routers/web/base.go:134:1() [E] [62fc43da] PANIC: runtime error: invalid memory address or nil pointer dereference /usr/local/go/src/runtime/panic.go:220 (0x453095) /usr/local/go/src/runtime/signal_unix.go:818 (0x453065) /source/routers/web/auth/oauth.go:1100 (0x20f6ef7) /source/routers/web/auth/oauth.go:785 (0x20f4684) /source/modules/web/wrap_convert.go:47 (0x1f45196) /source/modules/web/wrap.go:41 (0x1f433c9) /usr/local/go/src/net/http/server.go:2084 (0x93cace) ``` Root cause: In this [line](https://github.com/go-gitea/gitea/blob/a4e91c4197483c94f13e623c962b6b011494e949/models/auth/oauth2.go#L516) here, err is nil. The caller assumes no error and tries to access a `nil *Source`
---
 models/auth/oauth2.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index c5c6e91120f85..9c479becd9852 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -512,10 +512,14 @@ func GetActiveOAuth2ProviderSources() ([]*Source, error) {
 func GetActiveOAuth2SourceByName(name string) (*Source, error) {
 authSource := new(Source)
 has, err := db.GetEngine(db.DefaultContext).Where("name = ? and type = ? and is_active = ?", name, OAuth2, true).Get(authSource)
- if !has || err != nil {
+ if err != nil {
 return nil, err
 }

+ if !has {
+ return nil, fmt.Errorf("oauth2 source not found, name: %q", name)
+ }
+
 return authSource, nil
 }
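Review bot: The new `!has` branch in GetActiveOAuth2SourceByName returns an anonymous `fmt.Errorf` value, so a caller cannot tell a missing provider from a database failure. Per the commit message the name comes straight from the request URL (`/user/oauth2/<name>`), so any visitor can reach this branch; if the handler in routers/web/auth/oauth.go (outside this diff) treats every error as a server error, a mistyped or probing link will presumably still get a 500 and an error-level log entry instead of a 404. Consider wrapping a package-level sentinel that the handler can match with `errors.Is`, for example `return nil, fmt.Errorf("oauth2 source not found, name: %q: %w", name, errOAuth2SourceNotFound)`, where the sentinel name is illustrative and would have to be declared. The `%q` verb is worth keeping, since it escapes control characters in the request-supplied name before it reaches the log.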