[PR #7068] [MERGED] fix: return Err instead of panic on unknown cipher atype in to_json() #20743

New Issue

Closed

opened 2026-04-25 22:42:35 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-25 22:42:35 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/7068
Author: @mango766
Created: 4/9/2026
Status: ✅ Merged
Merged: 4/29/2026
Merged by: @dani-garcia

Base: main ← Head: fix/cipher-type-panic

---

📝 Commits (3)

• d37a0a4 fix: return error instead of panicking on invalid cipher type in to_json
• cdb4a06 Merge branch 'main' into fix/cipher-type-panic
• 8fb0843 Merge branch 'main' into fix/cipher-type-panic

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 src/db/models/cipher.rs (+1 -1)

📄 Description

Fixes #7067

What

Cipher::to_json() returns Result<Value, Error> but the wildcard arm of the atype match called panic!("Wrong type"). This means if a cipher with an unrecognised type exists in the database, the whole request (and potentially the server) panics instead of failing gracefully.

Change

One-line fix — replace panic! with err!, which is already used elsewhere in the same file:

-            _ => panic!("Wrong type"),
+            _ => err!(format!("Cipher {} has an invalid type {}", self.uuid, self.atype)),

This lets callers receive a proper Err, the error gets logged, and the sync request returns a failure response without crashing the server.

How it can happen

• A cipher row is edited directly in the database
• A future Bitwarden protocol version introduces a new type that vaultwarden doesn't yet recognise
• Data migration from a third-party tool writes an unexpected value

In all these cases the current code would terminate the Rocket worker thread for every sync request that includes that cipher, affecting all concurrent users.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/7068 **Author:** [@mango766](https://github.com/mango766) **Created:** 4/9/2026 **Status:** ✅ Merged **Merged:** 4/29/2026 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `fix/cipher-type-panic` --- ### 📝 Commits (3) - [`d37a0a4`](https://github.com/dani-garcia/vaultwarden/commit/d37a0a4219f0bfe6f83070bb006e1d20de6ff326) fix: return error instead of panicking on invalid cipher type in to_json - [`cdb4a06`](https://github.com/dani-garcia/vaultwarden/commit/cdb4a06b3d8deb1a8160a8a8367401eebe623b71) Merge branch 'main' into fix/cipher-type-panic - [`8fb0843`](https://github.com/dani-garcia/vaultwarden/commit/8fb0843376828e645283068568332069960f7730) Merge branch 'main' into fix/cipher-type-panic ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `src/db/models/cipher.rs` (+1 -1) </details> ### 📄 Description Fixes #7067 ## What `Cipher::to_json()` returns `Result<Value, Error>` but the wildcard arm of the `atype` match called `panic!("Wrong type")`. This means if a cipher with an unrecognised type exists in the database, the whole request (and potentially the server) panics instead of failing gracefully. ## Change One-line fix — replace `panic!` with `err!`, which is already used elsewhere in the same file: ```diff - _ => panic!("Wrong type"), + _ => err!(format!("Cipher {} has an invalid type {}", self.uuid, self.atype)), ``` This lets callers receive a proper `Err`, the error gets logged, and the sync request returns a failure response without crashing the server. ## How it can happen - A cipher row is edited directly in the database - A future Bitwarden protocol version introduces a new type that vaultwarden doesn't yet recognise - Data migration from a third-party tool writes an unexpected value In all these cases the current code would terminate the Rocket worker thread for every sync request that includes that cipher, affecting all concurrent users. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-25 22:42:35 -05:00

GiteaMirror changed title from [PR #7068] fix: return Err instead of panic on unknown cipher atype in to_json() to [PR #7068] [MERGED] fix: return Err instead of panic on unknown cipher atype in to_json() 2026-04-30 08:24:39 -05:00

GiteaMirror closed this issue 2026-04-30 08:24:40 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#20743