Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] fix #39249, default entry_point compiler pass was returning too early#39261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
…eturning too early
wouterj left a comment• edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thank you for report & debugging this issue! And sorry for introducing it 😔
romaricdrigon commentedDec 1, 2020
You are welcome, with as many contributions you do that's fair :) There's another issue in 5.2.0 security, I'm working an issue and a patch on it, to come in a few minutes too. |
chalasr commentedDec 1, 2020
Good catch, thanks@romaricdrigon. |
Uh oh!
There was an error while loading.Please reload this page.
A
returninstead ofcontinuewas making compiler pass return after the first firewall. Hence subsequents firewalls never had a default entrypoint set.This issue would occur with all firewalls, with any type of authenticator, though I saw it first with
http_basic- because it is a bit more opaque and harder to debug.