Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Internal Server error "no namespace" on paths /v1/auth/token/lookup-accessor, /v1/auth/token/renew-accessor, /v1/auth/token/revoke-accessor when accessor has random Unicode chars #13274

Closed
ludovicianul opened this issue Nov 24, 2021 · 7 comments
Assignees

Comments

@ludovicianul
Copy link

Describe the bug
Making a POST at any of the 4 URLs with accessor having the supplied value in the JSON examples, results in 500 - Internal Server Error

To Reproduce
Steps to reproduce the behavior:

  1. Run curl with the payload supplied in the json files.

Tests.zip

Same steps to reproduce for all paths.

This was discovered while running a fuzzing tool I wrote for OpenAPI specs: https://github.com/Endava/cats. You can replay all the tests using:

./cats.jar replay --tests="Test349.json,Test785.json,Test1163.json"

Expected behavior
A 400 response.

Environment:

  • Vault Server Version (retrieve with vault status): 1.9.0
  • Vault CLI Version (retrieve with vault version): Vault v1.9.0
  • Server Operating System/Architecture: macOS Monterey 12.0.1

Probably same root cause as: #13225

@ryowright
Copy link
Contributor

Hi @ludovicianul, so after taking a closer look at the cause of the "no namespace" error, it doesn't seem to be the unicode characters that cause the "no namespace" response, but rather the periods ('.') that are within the unicode strings. According to the source code in the vault/token_store.go file, the function that handles these particular requests attempts to parse a namespace ID through specific characters in the string (one of them being '.'). Because there are multiple '.' characters within the unicode strings provided in the .json files, a portion of the string gets parsed as a namespace ID that is invalid because it cannot be found, resulting in the "no namespace" error.

I have also tested a portion of the unicode strings without the '.'s and this results in a proper 400 response with the "invalid accessor" error message.

If I may ask, is the "invalid accessor" error, the one you were expecting for the proper 400 response?

Also, I will attach the json file I used with a unicode string with no periods ('.') as the payload if you would like to test this in case I may have missed something:

payload2.json.zip

@ryowright
Copy link
Contributor

I believe this may also be the root cause of the "namespace error" for Issue #13273.

@ludovicianul
Copy link
Author

Hi @ryowright. Yes, I would expect a 400 "invalid accessor". I see 500 for things which are not predicable, rather than an expected known error.

I initially wondered what might've caused the 500 as not all random Unicodes was causing it. I suspected the right-to-left text marker.
Thanks for checking this.

@heatherezell
Copy link
Contributor

Hi there @ludovicianul - is this still an ongoing issue? If so, let me know and I'll have our engineers look into it more, otherwise, please let me know if we can close it. Thanks! :)

@ludovicianul
Copy link
Author

Hi @hsimon-hashicorp. Yes, still reproducible under Vault v1.11.2 (3a8aa12eba357ed2de3192b15c99c717afdeb2b5), built 2022-07-29T09:48:47Z

@aphorise
Copy link
Contributor

aphorise commented Sep 4, 2022

Closing issue since tests in 1.11.3 did not show any issues and in each case getting a valid HTTP-400 or HTTP-200 response as below.

Hey @ludovicianul thank you for reporting this. For future reports do you mind providing the complete curl example as I've done below (obviously archived as you'd done since these payloads are rather large). It saves a lot of time and ensures we got the correct escaping verbatim as you are testing.

PAYLOAD1='{"accessor":"...씫𓎯𮜪졈𢝳𬵋首跰𮀸🩃𢇢뽰𰮾뗂𬰠ﵔ𥴴𬜡𠹙𥙕𨹇↡콖ꢋ𨘵徖厑凧𞤿竜𰨤㎑𤮼𛇎𭧪𖼔𪿑쏛𭭑𫑭怅𭧁ᅼ甂嵒𬷩⇩Υ𪴤㈙𤋮𗲄憥㦽፯𫒔𗘎泉𱂦𪵨𨗡𤏚㓮𦫅꣼𤲌𫎃𧱂⋳၇𧳘䎰𤭏𧡽🀾蘋𩃓𡤑륈𬰭𪒂𬩝𥬟⑳䂇䛼齅𬦴譚𨸅𨩌𰭳𭺧砠𝙾𬹆灏𦳊¾𧤓齫㪘𡩂㝹⻀⬼𬖮𑜌땳𨁇𢂃𩃛袀ł𠷣𢗄Ţꀸ𥁟뒌𥚹𒌒𨈓𑰵덝褖𪡾䵅𨄓𡼎𡾝㴅䍵𬆅𫊽𧩵俴𦋳𝅀𦏒柘𔖓𡟠𖣞呱𭬥𢡋𡹫鰢팭𢇷㉢肬𨇉𥥼𮓇誛垕𓆚𩐊쫚🐉㱷ꪉ겱沒듰孅헔汱蛻휱榤䣔ꃅ𫒮𨣔犔𢁯⬖쉨ꞔ㺺𥔑𧝄𖤲𨘲釸𨯘𤊕㶟𦓟𫜞ꜷ堈𧓊遡泏𪠁ᇵ𨷨⭝𧯒⊥𤮖𨨶𧐮㪌☁𐢬𘠠漶𮁦𣔦𤯡𤍨ϲ槏𭭥ꗐ𦛁邢曝捰𬀠🏇뤆ᩤ𗂝𝦘⫩ꂪ亻ՠ𦳛𧾧𩜁.帼剐𧄨엡𩰭捾𨸧揤𞋙𠺭𥍾𩋵𮥛𪤦땬Ყ왌㚕𢝬𝓲盢㡦🝫𗌅𠐃𬊞𑗏𥸎𪝊𝦨𩩍𬾓⪢忔㫯ᨴ𫀭ۿ냆惔呆𭱎𢾗祫벝嬘ᐅ걱銝༄𝗫掙𨓦솛茞偺𥗑𥑬𩴋𤾸䜮ઞ𭕰𣆀𤤹𦫄𬷄𑈯ﳒ疵౦𨾟𦥞ꮤ𪤠𩟆뾇𝇞烏𝈕𞡞𪕛𠤤𒉒彷᭚א𫦧𰜣𥇺𗎢𦼜𐌉⭮𪠓𫲇㖱톗捿웆𭛒駆𬖍ಌ𧗹𭈦垈㾆𬶇䪀幒𡈬𠈡鮗𬣳즐瑚𩧤𗅵𤛢𥼕𧳚⚋뾸婕阍䩖뻼𫰅ᘣ塬ۧ샻座륐𮠃喚㴵🦔𭽯🏶𬴶𧵔𬀧𭝆銽𭟤𡁣𘆮뛝𐳍𩊒ḏ𒁮𫶟𬶴𦅚쥭𢞂ⅇ賜𰨑𩸿𱊸𰽕𮍽𫣀𥮺𒋑𮖖⳱𘊃ડ뷉𓃉菋𫏱ኌ뇑𰆻𩳳𧙈𢅙𢙃𛄈ꪨ翺💪𰂢𘥼㯤쟥橮ᆳ萞𰑣𣣴𘤈𗁓𥂆𠇫𠇵𬯩Ⳟ됰𗐃𧀺을笆㤷𞸷𪹑𔘄ἇ瞡𱂷矺𬄄ؗ𠦼쳬𱈴ᰳ𘂏ૡ𦲗蜦𰨻𑋓𥔙𤵄𪯿𗺦𗣥昝𗍍壆Ꙑᘛ𢁛𧢥璐◓𰷜ꈛ茝𬌶䄊猒𣤹𧘛𢠱𦬔ﯷ𐏏𪽅겺쐷𦇵𓋓𨵊𬬞𖫰𣓋𢛥𐿮𢿡𦘭𨇐믜罹ꅒ𬗤橨𩥣რ밆𬴱𪂭𐊀ᘐ𡾯𡞗𠔂𬍥󠆂𧶈𘏨𡷄௧𢈨𣝎𤡻𑘀䲮彝𭝚쌴𤭶岫𪛀𡱛謆䩯𪫻엎𬲅𮠩𮧐翳𥝽𪰇챃𓂞𫡨堁烜ᵍ疯型珱𱃳ខ쁁𐡵䪆欒迤农玮𘨰ᯬ𥵭𑐔𢇤𤴩秸𰫙𧮕ᒏ𡵩퇡𬈰𪧖↟뙕𝇖𭧚퓌𨅖𡨪𗴷𰶰ඣ𩢡ꡝ哋🦤𦴓刺縓볳𝅆𘮂𒓞𥽌𗀣𫓧𓈌𡶋𡱪𘧺쥡旇𫏰𘈔𮮚𠽠𢩭쏙.𭹆暔𡩹蝕솵翑𰻻𧲸𤻢肻𧰓ᎀ𬚟𤏣𠆔륰𘱐𐍬𭼡𤀂𩠭𭪥킺𡄮𘱅鴘࠳𦭄蝂䢞晒𦃇𗐟𮌯𭈀𪕉𒒆팥𤤔媂郢𔐜𣦖𫑼𣠞󠀪𑓓𦥘𦔛𨊸𫹒㖀櫊궋𤲰璅Ꭸ𬩬𑨶𱃳𥬠ﬢ疪胥𦒹退𒓷𰇃𠘲𮒈崍ﰷ𧻝ꄸ𢅣戫𝝚𣌿𨻀ᬠ𬤖𢆭㨢㣟𝠃𢩋𣗮𘞧⑴瀾⌃𐔰鲀櫳𭒝𗸟滽⺦𰫸𰃽俾𪈎鐿龂竀偔𠁃䄛𨘪擷𦜮繰𗌀𬼱瓘开𢪼珹Ժ嫞쀁ಽ䎿𗵄쮃𤈙𤀂祗鮬𮉬𥝔𘄶𣤐䲔𩱚吣瞱떹𭨩𢹘ꍝ宩𩉉㈖𫜄セ𓀳𢟝姮쯋𒌭゚𰞻Ý真誾膺뽮餥𐇲𧰿㟲᠂⢑𫬭𝝽闊𝛃嬤𢲣劻飜伐𰱗𰔘𬎼𦉽𑿫ᡨ𫈲⨪鍔𗾿𧱊𬡼뜕𧻧踋𤐝𣟀𛃊𐴚譿𩎦𤻰𡡎䢟𦭷𧵣𪋔𫛆룐𘣪𑿋𛁼🤫𨖹╜훰⡤𐬇𰯩𬿧𭖩𗇤𨦇𤰀鳑䧸軓𭂑ﱖ𤉠𬡠𦺈𤞢𡪸𦍵狁𗜵𐃃츈錶抩𤰦嵴紀𝔳𐎀影ꞻ𠃛𰦻𥆴𣔏🁛돏𱅙𤑸牧筞䣃㎦𓊎㆘𐜛󠅄𗧊呯궩𭹠𤗩湳㎨🂓𫐇甒𝕎𩥯𔗢🦩歄㐝淭렮˻𡍕Ϙ𗏊𗏨ꈝ뭆𔒸𭾄🏟𖼔𗀦쩉𢑯㟷𢠃𧢧䢴𰃹𫴨渇𧳙۾𡰘᪷𢑦𭛵𥉭𥮐鿉𪅜銵✕ᚡ㖕임鈱𭝄󠄮𓇹픭𩶾𤱶𖼼𰔚𫫓𝟿뾠𣷄樥𪅰𤉹𗋋𦂓𔖡쨼祪𐑘쫛𤇀듕𘞓𫔭𦢲𪠐𤧜𪎽梋𮛙𪥯𨌷㳾𬛜玻𝠢𑦪𘗒㢪𗤹𘁈𬌟𐴎𘮫𭣎着ᅱ띎𨝤𤘄𫽙貰콀祷𤾩𑐼𧳃𢈦𤬀𤸾ᇪ𩣨𡲔𪐁𧪼𨆣𦛰𤀬ꘌ𒑱𫪧𥃪儦𭊉𗵈𧒛粋𫲓뷴𡫰𢂇󠅤𥛖真悊𪼓𝆹𝅥𝅮𥉬㳨싯𮂨𢽫𧟨𒅗굻𢷻瀑铿𤮜꽱㥩𗝎𠺥𢹒🈳𓂄𭶵𐴜筴ꎒ𪍤𭀆𞡢𬉓𦡆𨽟𮀁ҹ⤼𧜧𢮧텆덗𮜾鳪𭸥𦹲𧤁ྮඔธ帢𧪪떣𪬣𢞬𮠀𢬋𐇱𬜟𤇆𭨄𰾲𧝟ᒅ𰫮𭛎𡁡嫊쒓𦚎𱀙磒𥊼읯𫙫𧬯𨵕滐𢈠蟜鄂泫𦨰똱衞𬩊ꮨ𩥤뷓痐𐊀뺺튇𭎥𘟳谓𢦪𥀵菱𩚽낷⎄𐏊䉫𧞰𩾞🛆㴛掃ꛝ𥎫𧁯𢉫쪡𮊌𩰃嗩ᆷ𔐯𡎩젲𤚾擳뜬𢇝咏𪟠𣒸𥲭𡔌๔𠺻삮𤞟𤇛䴆𗿆𣜖톗밠𫮦𬚊ḉ𬎌𛱲斪䴤ᠮ𐼸𦽪𨣖𥣮掕礪𤔦詉𡓢𐧺𩡝𠣑𨱬𭇦ﲫᨕ⧯ਈਸ਼𨱧𭻷𭼳邿單⯁ཆ𢬏좂𗺓ꕨ𡬻𩑈Ꙏ𥙔𪏨馂啕鯰䳁㝙𪯤𧨑𠩢㙽𪏠𞡢𣄏𰮑𪊘𭖡ꀎ𤲄伫檼𣿎ᶠ𓆛𨐅𪾿ꯑ㧑茘𫷨劇𦦪綴衫𣱆𘉑縴𮯈𨥮ᢧ🢀𠄸𰢿𨃊𧓗頹谢𨈙䶳𪘡𝓍𰜋𨾏釼泚𘐙胜𰇤ꃞ𢛣\\u207B늝𰽕𐢫𰽉䜋潅𡳝𨷄𥳎𦣼ଶ𣗜疑𘐼닐ﵮ卨𨈟⪐𣵞𬢿𫓵𧚻쭓𢇍𗘚𮯀𠸳𠶴𤱒𥰙𰃨ꊏ졬䙐𩰀ส𪡅𝣧뚇纀税𛈑𖨯𢴱𗵯𡪎뚶𬱜𰗥霍赏𗱪𪶅𢬌𨣟𪗵琪𗟿𤙛𣜬𡟤𥱜𭄛筳𐼍趯𩬍𠿡ts"}'
curl -v -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d "${PAYLOAD1}" ${VAULT_ADDR}/v1/auth/token/lookup-accessor
  # < HTTP/2 400
  # # // ...
  # {"errors":["1 error occurred:\n\t* invalid accessor\n\n"]}
PAYLOAD2='{"accessor":"...𐝌馔🬣𘒛鷶𪶠𐚦␢\\\\\\\\u0093𫟕𧿕ꔻ梈𩶳𑪟磱斉𬎈𓅱𦾡𐧖𫄥뮉𐺊𓐛𩳿𐚴꓃𡕪𦅳𪮳䞸⩦蓟씫𓎯𮜪졈𢝳𬵋首跰𮀸🩃𢇢뽰𰮾뗂𬰠ﵔ𥴴𬜡𠹙𥙕𨹇↡콖ꢋ𨘵徖厑凧𞤿竜𰨤㎑𤮼𛇎𭧪𖼔𪿑쏛𭭑𫑭怅𭧁ᅼ甂嵒𬷩⇩Υ𪴤㈙𤋮𗲄憥㦽፯𫒔𗘎泉𱂦𪵨𨗡𤏚㓮𦫅꣼𤲌𫎃𧱂⋳၇𧳘䎰𤭏𧡽🀾蘋𩃓𡤑륈𬰭𪒂𬩝𥬟⑳䂇䛼齅𬦴譚𨸅𨩌𰭳𭺧砠𝙾𬹆灏𦳊¾𧤓齫㪘𡩂㝹⻀⬼𬖮𑜌땳𨁇𢂃𩃛袀ł𠷣𢗄Ţꀸ𥁟뒌𥚹𒌒𨈓𑰵덝褖𪡾䵅𨄓𡼎𡾝㴅䍵𬆅𫊽𧩵俴𦋳𝅀𦏒柘𔖓𡟠𖣞呱𭬥𢡋𡹫鰢팭𢇷㉢肬𨇉𥥼𮓇誛垕𓆚𩐊쫚🐉㱷ꪉ겱沒듰孅헔汱蛻휱榤䣔ꃅ𫒮𨣔犔𢁯⬖쉨ꞔ㺺𥔑𧝄𖤲𨘲釸𨯘𤊕㶟𦓟𫜞ꜷ堈𧓊遡泏𪠁ᇵ𨷨⭝𧯒⊥𤮖𨨶𧐮㪌☁𐢬𘠠漶𮁦𣔦𤯡𤍨ϲ槏𭭥ꗐ𦛁邢曝捰𬀠🏇뤆ᩤ𗂝𝦘⫩ꂪ亻ՠ𦳛𧾧𩜁.帼剐𧄨엡𩰭捾𨸧揤𞋙𠺭𥍾𩋵𮥛𪤦땬Ყ왌㚕𢝬𝓲盢㡦🝫𗌅𠐃𬊞𑗏𥸎𪝊𝦨𩩍𬾓⪢忔㫯ᨴ𫀭ۿ냆惔呆𭱎𢾗祫벝嬘ᐅ걱銝༄𝗫掙𨓦솛茞偺𥗑𥑬𩴋𤾸䜮ઞ𭕰𣆀𤤹𦫄𬷄𑈯ﳒ疵౦𨾟𦥞ꮤ𪤠𩟆뾇𝇞烏𝈕𞡞𪕛𠤤𒉒彷᭚א𫦧𰜣𥇺𗎢𦼜𐌉⭮𪠓𫲇㖱톗捿웆𭛒駆𬖍ಌ𧗹𭈦垈㾆𬶇䪀幒𡈬𠈡鮗𬣳즐瑚𩧤𗅵𤛢𥼕𧳚⚋뾸婕阍䩖뻼𫰅ᘣ塬ۧ샻座륐𮠃喚㴵🦔𭽯🏶𬴶𧵔𬀧𭝆銽𭟤𡁣𘆮뛝𐳍𩊒ḏ𒁮𫶟𬶴𦅚쥭𢞂ⅇ賜𰨑𩸿𱊸𰽕𮍽𫣀𥮺𒋑𮖖⳱𘊃ડ뷉𓃉菋𫏱ኌ뇑𰆻𩳳𧙈𢅙𢙃𛄈ꪨ翺💪𰂢𘥼㯤쟥橮ᆳ萞𰑣𣣴𘤈𗁓𥂆𠇫𠇵𬯩Ⳟ됰𗐃𧀺을笆㤷𞸷𪹑𔘄ἇ瞡𱂷矺𬄄ؗ𠦼쳬𱈴ᰳ𘂏ૡ𦲗蜦𰨻𑋓𥔙𤵄𪯿𗺦𗣥昝𗍍壆Ꙑᘛ𢁛𧢥璐◓𰷜ꈛ茝𬌶䄊猒𣤹𧘛𢠱𦬔ﯷ𐏏𪽅겺쐷𦇵𓋓𨵊𬬞𖫰𣓋𢛥𐿮𢿡𦘭𨇐믜罹ꅒ𬗤橨𩥣რ밆𬴱𪂭𐊀ᘐ𡾯𡞗𠔂𬍥󠆂𧶈𘏨𡷄௧𢈨𣝎𤡻𑘀䲮彝𭝚쌴𤭶岫𪛀𡱛謆䩯𪫻엎𬲅𮠩𮧐翳𥝽𪰇챃𓂞𫡨堁烜ᵍ疯型珱𱃳ខ쁁𐡵䪆欒迤农玮𘨰ᯬ𥵭𑐔𢇤𤴩秸𰫙𧮕ᒏ𡵩퇡𬈰𪧖↟뙕𝇖𭧚퓌𨅖𡨪𗴷𰶰ඣ𩢡ꡝ哋🦤𦴓刺縓볳𝅆𘮂𒓞𥽌𗀣𫓧𓈌𡶋𡱪𘧺쥡旇𫏰𘈔𮮚𠽠𢩭쏙.𭹆暔𡩹蝕솵翑𰻻𧲸𤻢肻𧰓ᎀ𬚟𤏣𠆔륰𘱐𐍬𭼡𤀂𩠭𭪥킺𡄮𘱅鴘࠳𦭄蝂䢞晒𦃇𗐟𮌯𭈀𪕉𒒆팥𤤔媂郢𔐜𣦖𫑼𣠞󠀪𑓓𦥘𦔛𨊸𫹒㖀櫊궋𤲰璅Ꭸ𬩬𑨶𱃳𥬠ﬢ疪胥𦒹退𒓷𰇃𠘲𮒈崍ﰷ𧻝ꄸ𢅣戫𝝚𣌿𨻀ᬠ𬤖𢆭㨢㣟𝠃𢩋𣗮𘞧⑴瀾⌃𐔰鲀櫳𭒝𗸟滽⺦𰫸𰃽俾𪈎鐿龂竀偔𠁃䄛𨘪擷𦜮繰𗌀𬼱瓘开𢪼珹Ժ嫞쀁ಽ䎿𗵄쮃𤈙𤀂祗鮬𮉬𥝔𘄶𣤐䲔𩱚吣瞱떹𭨩𢹘ꍝ宩𩉉㈖𫜄セ𓀳𢟝姮쯋𒌭゚𰞻Ý真誾膺뽮餥𐇲𧰿㟲᠂⢑𫬭𝝽闊𝛃嬤𢲣劻飜伐𰱗𰔘𬎼𦉽𑿫ᡨ𫈲⨪鍔𗾿𧱊𬡼뜕𧻧踋𤐝𣟀𛃊𐴚譿𩎦𤻰𡡎䢟𦭷𧵣𪋔𫛆룐𘣪𑿋𛁼🤫ᄲ𠚌𡇪𝆹𝅥𮌤𒍷𠅪𪎗黾붤𧴟贗𢊁湪㉳숓噗쳤蓢𥑄䡘ᠡ𦊬𢃽ᯀ𬼊𘁙𦆢𢲘𒀅𭧝挽𡣴눏𤔷闦ﻧ㒓挔𰕰𰮜撂㝖발䃦𠤏Λ𢠕𐆎褎챧熊𝚕㢧𘣆蒂𥀼𓅣䒶띚𬍖𘎳𤡕𪞝𪈚큐晪빘𣞋젖𫡞𥓤영𡪏︕𦙀洴𭫔𩟫𪺱𪎳𛰟𪐡噵𥀆𮥡𣛅𪂊\\u2097𫐜𣸻𬶃ꑚ𩕀커𨴬䈡𤫲𩶳貦杗𨗀𥸴𨗳𭆳𦻉寕𐪄𰫢ꬲ𭫺膥𠠘𦱁𤬏柳𬑎ﮊ𩲔岜𫣸햩𦒲𡨖𝣄𫂸𡚘𢔣杓⏭𠦛𬽂𢪹𛉒𪇯𪲹ꌿ𱁌喢𮗚腌蜊𡶰𡣄𢁢𨇀픖𨓠𢩆𨀀𨳠ﴠ𘚹𒓞𘘄𨿀𪬸𩱘𪪲⌋𦠹ᶈឆÌ𬌄𭃠𗜥𛋎𓆑䝜𤩤ឧ𨎋𣥜𭘚𦲊풰𡌓ṥ⻓ꛞ댷蚂𡯯ꓮ𣌩ᐄ𤄀𪝋׆𠽁㟂𑑍𘌨͂䨑𢖪ᘴ𧥳𡟙ꇗ𦪟⼣𝗩𬙾𓁗𨅦𡰕焀𩪡肶讶𛁨𩷸褩𫽂𦤿𤦾滏𓅂𧴔𝕌𬵉𨂕还𫴲⤒𗽯𗷿𩛗𗫥𭲹࿗𥄯𨎮𮛪唇䠎𠨾🧀𩋣ਗ਼𬔠𓊚𰰮𥺜𣔆𩇑𫣑㽬炙𐿲𨁱𛃿壆𫠿퇬𠶌ᷳ䟲𧍰𩻁楣𘖢𦐱𠫪𱂂𮒧鱽뾔𫾸ﲈ髃墇𖧈𮯎ꎗ𠮾𰏿洱ᐕ𰻀䳹𘘒宺𢐯𣄘𮠊𬢉㶑𥦝츜骆캻职𑤠𫝈ⶁ𗯠𘈓𤊰𨧌𗺈𢉠혡𦗴ꥲ⮩쟮徻徙𘦷勇ི𘭝퐗영괊혻𠱲ⴱ𐭥閱狭𬣔🕻𣒋𤺴𣞍𥼿𩾷𧖟𨘞𫴘𦥌𡨒𝢥𞱻湄旆𦎗땂👐𖹺𨴾斮脯杽𤑺𠍾𬹈𱀣𡇱🎶덢𦵨𧰥𧥦궘藃𠸷𭼆폣𨬋️𣭰䆾ភ綪ㅝ𧚚🡭𭷛𤆍𬖷𪤡悔㍿𡇛𮦺𤖂𬨇仓𓈅竎𦺿𠛙뇶㝮与𥺤쒈壥镴𧯊𦨫𬔢𡐱𫄇𡠋𖼧𣛃䨏𡉊𰻚🈳𧻡㷌왉굇𩉚㽡𧓗𭎵𐾻𧭐↸𓆢𣭉聼ᝌ𣃈𣤯𘤾𢂞鍒ኡ𧊯𥊜𠆶𭀧𛱠ข丌㺤𧕀𬸅𢋳換𩜑𠺯𞴭𧆯🁧𦸐ॡ嚪𪼛𪧪𢷬イ뗤㴢鲋𫱎𩂈䓐ꚺ𫛁𪲞𦟊𘀦𮪂𠒬𪄉𢂉턚𬎌𐠅𓅲𫫞𱄐ⱙ埪🭺𬔽𑴄䔭।𒒭𒋋迴𩓉𥆺𦬌吋ߚ𨒃𧼂䷹𮌭䇄찍ꎠ𢯻𨆨𨦒𑆉𐃃𘓙ts","increment":2}'
curl -v -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d "${PAYLOAD2}" ${VAULT_ADDR}/v1/auth/token/renew-accessor
  # < HTTP/2 400
  # # // ...
  # {"errors":["1 error occurred:\n\t* invalid accessor\n\n"]}
PAYLOAD3='{"accessor":"...🏇뤆ᩤ𗂝𝦘⫩ꂪ亻ՠ𦳛𧾧𩜁.帼剐𧄨엡𩰭捾𨸧揤𞋙𠺭𥍾𩋵𮥛𪤦땬Ყ왌㚕𢝬𝓲盢㡦🝫𗌅𠐃𬊞𑗏𥸎𪝊𝦨𩩍𬾓⪢忔㫯ᨴ𫀭ۿ냆惔呆𭱎𢾗祫벝嬘ᐅ걱銝༄𝗫掙𨓦솛茞偺𥗑𥑬𩴋𤾸䜮ઞ𭕰𣆀𤤹𦫄𬷄𑈯ﳒ疵౦𨾟𦥞ꮤ𪤠𩟆뾇𝇞烏𝈕𞡞𪕛𠤤𒉒彷᭚א𫦧𰜣𥇺𗎢𦼜𐌉⭮𪠓𫲇㖱톗捿웆𭛒駆𬖍ಌ𧗹𭈦垈㾆𬶇䪀幒𡈬𠈡鮗𬣳즐瑚𩧤𗅵𤛢𥼕𧳚⚋뾸婕阍䩖뻼𫰅ᘣ塬ۧ샻座륐𮠃喚㴵🦔𭽯🏶𬴶𧵔𬀧𭝆銽𭟤𡁣𘆮뛝𐳍𩊒ḏ𒁮𫶟𬶴𦅚쥭𢞂ⅇ賜𰨑𩸿𱊸𰽕𮍽𫣀𥮺𒋑𮖖⳱𘊃ડ뷉𓃉菋𫏱ኌ뇑𰆻𩳳𧙈𢅙𢙃𛄈ꪨ翺💪𰂢𘥼㯤쟥橮ᆳ萞𰑣𣣴𘤈𗁓𥂆𠇫𠇵𬯩Ⳟ됰𗐃𧀺을笆㤷𞸷𪹑𔘄ἇ瞡𱂷矺𬄄ؗ𠦼쳬𱈴ᰳ𘂏ૡ𦲗蜦𰨻𑋓𥔙𤵄𪯿𗺦𗣥昝𗍍壆Ꙑᘛ𢁛𧢥璐◓𰷜ꈛ茝𬌶䄊猒𣤹𧘛𢠱𦬔ﯷ𐏏𪽅겺쐷𦇵𓋓𨵊𬬞𖫰𣓋𢛥𐿮𢿡𦘭𨇐믜罹ꅒ𬗤橨𩥣რ밆𬴱𪂭𐊀ᘐ𡾯𡞗𠔂𬍥󠆂𧶈𘏨𡷄௧𢈨𣝎𤡻𑘀䲮彝𭝚쌴𤭶岫𪛀𡱛謆䩯𪫻엎𬲅𮠩𮧐翳𥝽𪰇챃𓂞𫡨堁烜ᵍ疯型珱𱃳ខ쁁𐡵䪆欒迤农玮𘨰ᯬ𥵭𑐔𢇤𤴩秸𰫙𧮕ᒏ𡵩퇡𬈰𪧖↟뙕𝇖𭧚퓌𨅖𡨪𗴷𰶰ඣ𩢡ꡝ哋🦤𦴓刺縓볳𝅆𘮂𒓞𥽌𗀣𫓧𓈌𡶋𡱪𘧺쥡旇𫏰𘈔𮮚𠽠𢩭쏙.𭹆暔𡩹蝕솵翑𰻻𧲸𤻢肻𧰓ᎀ𬚟𤏣𠆔륰𘱐𐍬𭼡𤀂𩠭𭪥킺𡄮𘱅鴘࠳𦭄蝂䢞晒𦃇𗐟𮌯𭈀𪕉𒒆팥𤤔媂郢𔐜𣦖𫑼𣠞󠀪𑓓𦥘𦔛𨊸𫹒㖀櫊궋𤲰璅Ꭸ𬩬𑨶𱃳𥬠ﬢ疪胥𦒹退𒓷𰇃𠘲𮒈崍ﰷ𧻝ꄸ𢅣戫𝝚𣌿𨻀ᬠ𬤖𢆭㨢㣟𝠃𢩋𣗮𘞧⑴瀾⌃𐔰鲀櫳𭒝𗸟滽⺦𰫸𰃽俾𪈎鐿龂竀偔𠁃䄛𨘪擷𦜮繰𗌀𬼱瓘开𢪼珹Ժ嫞쀁ಽ䎿𗵄쮃𤈙𤀂祗鮬𮉬𥝔𘄶𣤐䲔𩱚吣瞱떹𭨩𢹘ꍝ宩𩉉㈖𫜄セ𓀳𢟝姮쯋𒌭゚𰞻Ý真誾膺뽮餥𐇲𧰿㟲᠂⢑𫬭𝝽闊𝛃嬤𢲣劻飜伐𰱗𰔘𬎼𦉽𑿫ᡨ𫈲⨪鍔𗾿𧱊𬡼뜕𧻧踋𤐝𣟀𛃊𐴚譿𩎦𤻰𡡎䢟𦭷𧵣𪋔𫛆룐𘣪𑿋𛁼🤫㬄鎜ꉊ썔𥾃𨛲𰨛𝨅𤒒𬭐晩𠆨𢘍𧯕𓁛瓃Პ𣄑ꕈ𫗍萇𬭐戡𢏯𡸇퍇홯𦵷𦬫𧡚젟𪹾䩕ﲈ鑤𬕜🅥𣣽爿𗻢굗볷𗨤ﺄ𑍗𮐬檐퍾𤬩𧰹𫓶𰒟菅េঋ샴𮎴𨵡𨋯𠲾勻𩻩ܫ𡵸𥂄둳𮭔𧻦𬙤𔐜㱜䆢瘾樒賑𮍺𠗸𘕱𨒧𠑶𫑾ܪ뼹붥叾𢍴𓏽𪌖鴄𡪨鳎Ⳬ䒯𧁢𩢢﨟𠖈껴設𰦭𤈠𞠀뀜𧅾𮧫𱇂𣨩𠍭𘒘𐼰𗌔𣟛𠤺𭔍𡸚౯偏𫎹훈⠍᧷宦𠺢᮱⭾捸荷蘡靧搌𭳂㬋𣜲𥈅魁賄𰱩𮜯𡕦𢱽껨𒊓𗻓𦨲𦻬𠋊𡢒𡫚닩𥠕𘃲𖤩諭𬀷𨨟𢷃놾𩧅🧯𭋟𣍩擾껎赪稸𘃏𑋸🩋𪅏𦙷𫝴𠣩𡔂𪯬倐𘎍𮮷🭱葵𢺋𨇔𓇊𡟊𖩅𣡂깼𗜞Ԕ𪏮鮃𐚑ൌ𐂧䢁𨩹𢐄ꛭ貫𦶂𣐿🤾𢇥𨩨𑤄𤯙𩶸첥깹𘩜𛉶𧻵🪡䚩𦯰偐𮣉ⶋﯣᜰ𨢙dᖘ𭙜𬍃㜃𦴡䜽𫫟𡶉讲㺡敱\\u2013仹𡃼𑠰𫆔𰏧⾡ꗁ䰔ﶨ瑣𣃳𥈩禍┚ᵎ𰘟𬥂𝍍𑐀섀ፀ𩏵𩊹应𐾽𘤿𡎬𠈵돔𝠯𗌖𤍨紌𢞕ᗰ퍤𦙴𮔎𠐻ㆭ㊿𡄘𨶌𮭋Ŵ𬨱𠽛辜𒀅𓍺𢨺𪶦焌𥫉𣁿𫾡𔘧𩓔𮆯൬쏁𣛐𑶐𗂘𩭇ತ沌🮛𗤦핺𝃊𰈩𪴫봭鲱𧀙줕𑨘𖦒𣴶𦁜䉮𰽚𫛏𮅝𧣷ޛ䶴䐘𥃲𫚅𢚎𠌛𩹙𝚐ﻕ𥙮囼𦉡𥚨ᵎꀳ𪊦玒𨘣𩷆𨜜🄬𨍌𪍎𥱚㋶𡘞킸𘥇知𦑣햊𩞺驪☐𣶾𡪔𦛋㷳𓌳ᬊ퉅Ȯ𩋜𮎳𮒊𡱚㿔瞸𩛂𬇗좚セ㚶𢫟𘟨䀀洦ᶟ𠞸𠙯𬳧𪽑嶀𘨈𣪃𗬾벚ϲ蹡𬆛𓐇쁯𣢑㵱擊讷𭨍𣉋𢂍옔ꏴ𮔻뜭遤叟ਅ𩬲鑭娄뿆𡪴𧤩𫀠䎵𡘅踷퇊𢂑뽁𤼛𘢌𦯢𣶜𩥩𰉝蒱𛆘𓎒𩅯뫔𠟌𡈄𥻼𘊬跲컳瘪㐆է텎𪚗⬣𪓴𩗽𭠁镱𢾫閸\\u206A𮁁胱͎䨳𡘬𣠫葎𭘔𠖰̖𗪛𠊍䂩𫮡𖼇퉚𠧾𢹙𘕉𥝘顝𥳙捝𦞒𐜵辸榉𘃼🧠粞豘𰇑𘟯𥺞𥿵ಲ婽𭍋ꮈ𡅤ꀁ⟟勡勍𪀰⮃𫂮𮦺𬋕𧜺믄ts"}'
curl -v -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d "${PAYLOAD3}" ${VAULT_ADDR}/v1/auth/token/revoke-accessor
  # < HTTP/2 200
  # # // ...
  # {"request_id":"fdc83268-3e14-bfec-2e5b-55b93255906b","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["No token found with this accessor"],"auth":null}

@aphorise aphorise closed this as completed Sep 4, 2022
@ludovicianul
Copy link
Author

Hi @aphorise. I still get a 500 when running all these samples:

 Trying 127.0.0.1:8200...
* Connected to 127.0.0.1 (127.0.0.1) port 8200 (#0)
> POST /v1/auth/token/renew-accessor HTTP/1.1
> Host: 127.0.0.1:8200
> User-Agent: curl/7.85.0
> Accept: */*
> X-Vault-Token: XX
> Content-Length: 4751
> Content-Type: application/x-www-form-urlencoded
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Cache-Control: no-store
< Content-Type: application/json
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Date: Wed, 14 Sep 2022 09:26:54 GMT
< Content-Length: 55
<
{"errors":["1 error occurred:\n\t* no namespace\n\n"]}
* Connection #0 to host 127.0.0.1 left intact

Version: Vault v1.11.3 (17250b2), built 2022-08-26T10:27:10Z

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants