secret.Read panics on malformed input (missing colon or unknown proto) #26

New issue

Open

opened 2026-05-17 23:13:00 +02:00 by heiko · 1 comment

heiko commented

2026-05-17 23:13:00 +02:00

Owner

Summary

cmd/cert-proxy-client/secret/secret.go:16-19,34 has two panic paths instead of returning errors.

Panic 1 — missing colon in src:

var proto, value = func() (string, string) {
    x := strings.SplitN(src, ":", 2)
    return x[0], x[1]   // panics if src has no ":"
}()

If a user passes --passout plaintext (no colon), the client crashes with an index out of range panic instead of a helpful error message.

Panic 2 — unknown proto:

default:
    panic("unhandled secret source proto: " + proto)

Fix

Both paths should return fmt.Errorf(...) instead of panicking.

## Summary `cmd/cert-proxy-client/secret/secret.go:16-19,34` has two panic paths instead of returning errors. **Panic 1** — missing colon in src: ```go var proto, value = func() (string, string) { x := strings.SplitN(src, ":", 2) return x[0], x[1] // panics if src has no ":" }() ``` If a user passes `--passout plaintext` (no colon), the client crashes with an index out of range panic instead of a helpful error message. **Panic 2** — unknown proto: ```go default: panic("unhandled secret source proto: " + proto) ``` ## Fix Both paths should return `fmt.Errorf(...)` instead of panicking.

heiko added the

security

label

2026-05-17 23:13:00 +02:00

heiko commented

2026-05-22 11:38:22 +02:00

Author

Owner

AI attribution comment added per repository instruction for this open issue.\n\n(co)authored by ai:gpt-5-codex