fleet/server
bahtyar b24e76408f
Fix nil pointer dereference on GoAwayError in APNs nanopush provider (#43303)
## Summary

Fixes #42897

When Apple's APNs server sends an HTTP/2 GOAWAY frame, the push provider
panics with a nil pointer dereference at
`server/mdm/nanomdm/push/nanopush/provider.go`.

### The Bug

The code calls `http.Client.Do`, and when it returns a
`http2.GoAwayError`, it accesses `r.StatusCode` without checking if `r`
is nil. Per [Go's http.Client.Do
documentation](https://pkg.go.dev/net/http#Client.Do):

> On error, any Response can be ignored.

When `http.Client.Do` returns an error like `http2.GoAwayError`, the
response `r` can be nil, causing a panic when accessing `r.StatusCode`.

### The Fix

Added a nil check for the HTTP response before accessing `StatusCode`:

```go
if errors.As(err, &goAwayErr) {
    body := strings.NewReader(goAwayErr.DebugData)
    statusCode := 0
    if r != nil {
        statusCode = r.StatusCode
    }
    return &push.Response{Err: newError(body, statusCode)}
}
```

When `r` is nil (which is expected when a GoAway error occurs), the
status code defaults to `0`.

### Testing

- The fix is minimal and only adds a nil check — no behavioral changes
beyond preventing the panic.
- Verified `gofmt` passes on the modified file.
- Could not run `go build` or `go test` locally as the repo requires Go
1.26.1+ (which is not yet released).

---

*Note: I am an AI contributor. This PR was created to address issue
#42897 as flagged by @MagnusHJensen.*

---------

Co-authored-by: Bahtya <bahtayr@gmail.com>
2026-04-09 09:12:33 -05:00
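
The failure mode described in the commit message above, reproduced without a network as an added example (not code from the Fleet repository). `goAwayError` is a standard-library-only stand-in for `http2.GoAwayError`, and `roundTripFunc`, `pushStatus` and the URL are hypothetical names constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// goAwayError is a stand-in (assumption) for http2.GoAwayError so the example
// builds with the standard library only; it mirrors only the DebugData field.
type goAwayError struct{ DebugData string }

func (e goAwayError) Error() string { return "server sent GOAWAY: " + e.DebugData }

// roundTripFunc (hypothetical) lets a plain function act as the client's transport.
type roundTripFunc func(*http.Request) (*http.Response, error)

func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// pushStatus (hypothetical) returns status, GOAWAY debug data and error; it never reads a nil response.
func pushStatus(c *http.Client, url string) (int, string, error) {
	req, err := http.NewRequest(http.MethodPost, url, nil)
	if err != nil {
		return 0, "", err
	}
	r, err := c.Do(req)
	if err != nil {
		status, debug := 0, ""
		if r != nil { // normally nil here: Client.Do drops the response on error
			status = r.StatusCode
		}
		var ga goAwayError
		if errors.As(err, &ga) { // unwraps the *url.Error that Client.Do adds
			debug = ga.DebugData
		}
		return status, debug, err
	}
	defer r.Body.Close()
	return r.StatusCode, "", nil
}

func main() {
	// Constructed failure: the transport reports GOAWAY and returns no response.
	c := &http.Client{Transport: roundTripFunc(func(*http.Request) (*http.Response, error) {
		return nil, goAwayError{DebugData: "constructed debug data"}
	})}
	status, debug, err := pushStatus(c, "https://push.example.invalid/")
	fmt.Println(status, debug, err != nil)
}
```

A regression test for this class of bug only needs a transport that returns `(nil, err)`; reading `r.StatusCode` unguarded on that path panics.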
acl ACME MDM -> main (#42926) 2026-04-02 15:56:31 -05:00
activity Removed the ptr helper package from Activity bounded context (#42161) 2026-03-23 14:10:07 -05:00
archtest Refactor endpoint_utils for modularization (#36484) 2025-12-31 09:12:00 -06:00
authz Fixed team maintainers, admins, and GitOps users being unable to add certificate templates (#41740) 2026-03-16 12:24:31 -05:00
aws_common Feat 1817 add iam auth to mysql and redis (#32488) 2025-09-04 10:08:47 -05:00
bindata Allow users to be readded if they were ever removed (#1945) 2021-09-07 13:33:40 -03:00
config Rename Apple Business Manager in UI (#42584) 2026-04-08 11:14:19 -06:00
contexts Move PostJSONWithTimeout to platform/http package and activity cleanup (#40561) 2026-02-26 17:39:10 -06:00
cron slog migration: initLogger + serve.go + cron + schedule (#40699) 2026-02-27 14:29:27 -06:00
crypto Crypto package for db encryption (#41139) 2026-03-11 16:45:59 -06:00
datastore Fix issue with GitOps incorrectly wiping policy stats (#43282) 2026-04-08 17:03:08 -05:00
dev_mode Add lock semantics around dev_mode.IsEnabled to avoid data races (#42646) 2026-03-31 07:49:45 -04:00
errorstore Incremental migration to slog (#40120) 2026-02-19 15:35:35 -06:00
fleet Rename Apple Business Manager in UI (#42584) 2026-04-08 11:14:19 -06:00
goose Use UTC timestamps for DB migrations (#36228) 2025-11-24 15:49:10 -06:00
health slog migration: service layer + subsystem libraries (#40661) 2026-02-26 17:40:46 -06:00
launcher Final slog migration PR: test infrastructure + tools + remaining standalone files (#40727) 2026-02-28 05:52:21 -06:00
live_query Incremental migration to slog (#40120) 2026-02-19 15:35:35 -06:00
logging Migrated logging and google calendar files to use slog (#40541) 2026-02-26 12:48:54 -06:00
mail Run multiple independent Fleet dev servers in parallel (#41865) 2026-03-18 13:58:58 -05:00
mdm Fix nil pointer dereference on GoAwayError in APNs nanopush provider (#43303) 2026-04-09 09:12:33 -05:00
mock Android Wi-Fi profile withheld until cert installed on device (#42877) 2026-04-07 16:26:09 -05:00
platform Android Wi-Fi profile withheld until cert installed on device (#42877) 2026-04-07 16:26:09 -05:00
policies Migrating maintained apps, failing policies, and webhooks to slog. (#40149) 2026-02-23 08:50:40 -06:00
ptr Fix issue with GitOps incorrectly wiping policy stats (#43282) 2026-04-08 17:03:08 -05:00
pubsub Incremental migration to slog (#40120) 2026-02-19 15:35:35 -06:00
service Fixed panic when uploading DDM/Android JSON profile to a team on Fleet Free (#43290) 2026-04-08 16:30:52 -05:00
shellquote Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
sso End-user authentication for Window/Linux setup experience: backend (#34835) 2025-10-31 11:16:42 -05:00
test Move NewActivity to activity bounded context (#39521) 2026-02-25 14:11:03 -06:00
variables DCSW: Support all IDP variables in Windows config profiles (#34707) 2025-10-24 10:10:58 -03:00
version Move external dependency fleetdm/kolide-kit to monorepo (#15861) 2024-01-02 18:22:52 -03:00
vulnerabilities Set ResolvedInVersion for osv vuln scanning (#43087) 2026-04-06 17:15:07 -05:00
webhooks Feat/31914 patch policy (#41518) 2026-03-13 16:47:09 -04:00
websocket Enable errcheck linter for golangci-lint (#8899) 2022-12-05 16:50:49 -06:00
worker incorporate display name into setup experience ordering and enforce 1 at a time execution (#42393) 2026-04-06 11:51:39 -05:00
utils.go Move PostJSONWithTimeout to platform/http package and activity cleanup (#40561) 2026-02-26 17:39:10 -06:00
utils_test.go feature: target profiles by labels (#16202) 2024-01-26 11:00:58 -05:00