bug: strange ini parse key causes segfault, at U2F #2649

Closed
opened 2025-11-02 04:43:25 -06:00 by GiteaMirror · 5 comments

Originally created by @mckaygerhard on GitHub (Dec 11, 2018).

  • Gitea version (or commit ref): 1.5.3 and 1.6.0
  • Git version: not relevant
  • Operating system: Linux, Mac, not relevant
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant

Description

I try to understand why Gitea crashes when no valid U2F is set or it is not set. For example, if I do not set the email, Gitea properly crashes with the indicated error:

2018/12/11 16:24:04 [...s/setting/setting.go:1504 newMailService()] [E] Invalid mailer.FROM (): mail: no address

But that is not the case for the U2F; instead Gitea crashes abruptly and does not specify why and when, and the user must debug to make this issue. The log errors of the crash debug are at the end of the issue. I tested by removing the "bad configured" part and Gitea does not crash! (Also the crash is not very helpful!)

Also the documentation is very, very ambiguous! The documentation says at the Gitea docs:

U2F (U2F)
    APP_ID: ROOT_URL: Declares the facet of the application. Requires HTTPS.
    TRUSTED_FACETS: List of additional facets which are trusted. This is not support by all browsers.

The config example file said something not very similar:

[U2F]
; Two Factor authentication with security keys
; https://developers.yubico.com/U2F/App_ID.html
APP_ID         = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
; Comma seperated list of truisted facets
TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/

...

log

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7f200c6a22ae]

goroutine 1 [running]:
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).transformValue(0xc4201bd7a0, 0xc4201ed801, 0x28, 0xc4204c4d10, 0x7f200c3717d7)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:123 +0x1de
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).String(0xc4201bd7a0, 0xc420206380, 0x18)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:130 +0x3f
code.gitea.io/gitea/vendor/gopkg.in/ini%2ev1.(*Key).MustString(0xc4201bd7a0, 0xc420206380, 0x18, 0x1, 0xc420206380)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/gopkg.in/ini.v1/key.go:202 +0x31
code.gitea.io/gitea/modules/setting.NewContext()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/modules/setting/setting.go:1151 +0x3b7c
code.gitea.io/gitea/routers.GlobalInit()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/routers/init.go:47 +0x4c
code.gitea.io/gitea/cmd.runWeb(0xc4200bb2c0, 0x0, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/cmd/web.go:83 +0xb7
code.gitea.io/gitea/vendor/github.com/urfave/cli.HandleAction(0x7f200d596e20, 0x7f200d7203e0, 0xc4200bb2c0, 0xc420052200, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:471 +0xbb
code.gitea.io/gitea/vendor/github.com/urfave/cli.Command.Run(0x7f200cf6f568, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f200cf90870, 0x16, 0x0, ...)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/command.go:191 +0xb4d
code.gitea.io/gitea/vendor/github.com/urfave/cli.(*App).Run(0xc420465040, 0xc42000c200, 0x2, 0x2, 0x0, 0x0)
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:241 +0x661
main.main()
	/home/admin/gitea/venenuxgitea/gitea-1.5.3/obj-x86_64-linux-gnu/src/code.gitea.io/gitea/main.go:52 +0x469
GiteaMirror added the issue/duplicate label 2025-11-02 04:43:25 -06:00
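
The trace above ends in the ini library's `Key.transformValue`, the step that expands `%(NAME)s` references like those in the sample `[U2F]` block. Assuming the crash comes from a reference that resolves to no key (the issue does not show the failing app.ini), a pre-flight check such as this added example reports the offending key before startup; it is not Gitea's or the ini library's code, and `UnresolvedRefs` and `sampleConfig` are constructed here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// refPattern matches %(NAME)s interpolation references inside a value.
var refPattern = regexp.MustCompile(`%\(([^)]+)\)s`)

// UnresolvedRefs (hypothetical helper) lists every %(NAME)s reference naming no key in
// the same section or the unnamed default section (the lookup order assumed here).
func UnresolvedRefs(text string) []string {
	keys := map[string]bool{} // "section\x00KEY" for every defined key
	var entries [][3]string   // section, key, value
	section := ""
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case line == "" || line[0] == ';' || line[0] == '#': // blank or comment
		case line[0] == '[' && strings.HasSuffix(line, "]"):
			section = line[1 : len(line)-1]
		case strings.Contains(line, "="):
			kv := strings.SplitN(line, "=", 2)
			k := strings.TrimSpace(kv[0])
			keys[section+"\x00"+k] = true
			entries = append(entries, [3]string{section, k, strings.TrimSpace(kv[1])})
		}
	}
	var bad []string
	for _, e := range entries {
		for _, m := range refPattern.FindAllStringSubmatch(e[2], -1) {
			if !keys[e[0]+"\x00"+m[1]] && !keys["\x00"+m[1]] {
				bad = append(bad, fmt.Sprintf("[%s] %s: %s", e[0], e[1], m[0]))
			}
		}
	}
	return bad
}

// sampleConfig is constructed: PROTOCOL and DOMAIN exist only in [server].
const sampleConfig = "[server]\nPROTOCOL = https\nDOMAIN = git.example.com\n" +
	"[U2F]\nAPP_ID = %(PROTOCOL)s://%(DOMAIN)s/\n"

func main() {
	fmt.Println(strings.Join(UnresolvedRefs(sampleConfig), "\n"))
}
```
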

@lafriks commented on GitHub (Dec 11, 2018):

There is already an issue for this.


@mckaygerhard commented on GitHub (Dec 11, 2018):

I'll close; please tell me what the issue number is. I searched previously and did not find it easily! And then I'll close.


@mckaygerhard commented on GitHub (Dec 11, 2018):

Seems for you a duplicate of #4692, but I think it's not, due to I report against the stable version.. as I put in the blog! More releases and more releases and open new bugs. I have a Gitea open issue about the documentation with some questions not yet answered, that will help in each release to parse some "exceptions" and then users and administrators can deploy without "surprises".

Also u ask in the debian-package repository some other questions to send pulls to that.. but will that repository still be active?


@techknowlogick commented on GitHub (Dec 11, 2018):

Closing as same issue as #4692. Even though the original poster of that ticket is using a different version than you, it is the same bug that is present.

Please remember that maintainers of Gitea are all volunteers, and give as much time as they can to this project; however, we aren't able to respond to everything right away. Gitea is focused on adding new features AND fixing bugs. Just today 6 PRs were merged for bug fixes, and we will soon merge support for automated testing of MSSQL so we can have better testing coverage to catch even more bugs. As mentioned before, if you need support or features right away, you are free to pay someone.


@mckaygerhard commented on GitHub (Dec 11, 2018):

My questions are for contributing too! I cannot help if I don't know how and what I help, right? Please, someone help with #5466.


Reference: github-starred/gitea#2649