Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

io.jwt.verify_es*, io.jwt.decode_verify: panic from cypto/elliptic in v0.44.0 (ecdsa) #5218

Closed
srenatus opened this issue Oct 7, 2022 · 1 comment
Closed

io.jwt.verify_es*, io.jwt.decode_verify: panic from cypto/elliptic in v0.44.0 (ecdsa) #5218

srenatus opened this issue Oct 7, 2022 · 1 comment
Labels
bug

Comments

@srenatus
Copy link
Contributor

srenatus commented Oct 7, 2022

When we've upgrade Go to 1.19.1 in v0.44.0, the stdlib code underlying io.jwt.verify_es* (256, 384, 512) and jo.jwt.decode_verify for the same algorithms changed. As a consequence, invalid token signatures could make OPA panic.

Before 0.44.0, they were just invalid. With 0.44.0, they would panic.

See this example (concrete outputs are irrelevant, and I can't share the inputs):

$ opa-0.43.0 eval -fpretty -d mult.rego data.play > /dev/null
$ opa-0.44.0 eval -fpretty -d mult.rego data.play > /dev/null
panic: crypto/elliptic: CombinedMult was called on an invalid point

goroutine 1 [running]:
crypto/elliptic.(*nistCurve[...]).CombinedMult(0x64232f0, 0x413c3d9, 0x563bc00?, {0xc000140420?, 0x1?, 0x20?}, {0xc000140440, 0x20, 0x20})
	/Users/runner/hostedtoolcache/go/1.19.1/x64/src/crypto/elliptic/nistec.go:242 +0x1a7
crypto/ecdsa.verifyGeneric(0xc000455880, {0x5b38cd0, 0x64232f0}, {0xc0001403e0?, 0xc000639e58?, 0x414a485?}, 0xc000639e58?, 0x4010027?)
	/Users/runner/hostedtoolcache/go/1.19.1/x64/src/crypto/ecdsa/ecdsa.go:385 +0x20c
crypto/ecdsa.verify(...)
	/Users/runner/hostedtoolcache/go/1.19.1/x64/src/crypto/ecdsa/ecdsa_noasm.go:20
crypto/ecdsa.Verify(0xc000455880, {0xc0001403e0, 0x20, 0x20}, 0xc000639ea8, 0xc0004558a0)
	/Users/runner/hostedtoolcache/go/1.19.1/x64/src/crypto/ecdsa/ecdsa.go:363 +0x12c
github.com/open-policy-agent/opa/topdown.verifyECDSA({0x56e12e0?, 0xc000455880}, 0x0?, {0xc0001403e0, 0x20, 0x20}, {0xc0001aa480, 0x40, 0x40})
	/Users/runner/work/opa/opa/topdown/tokens.go:795 +0x1c5
github.com/open-policy-agent/opa/topdown.verifyAsymmetric.func1({0x56e12e0, 0xc000455880}, 0x40?, {0xc000180660, 0x55, 0x60}, {0xc0001aa480, 0x40, 0x40})
	/Users/runner/work/opa/opa/topdown/tokens.go:760 +0xfc
github.com/open-policy-agent/opa/topdown.(*tokenConstraints).verify(0xc000040c00, {0x0, 0x0}, {0xc0005d0fe9, 0x5}, {0xc0001ce790?, 0x203000?}, {0xc0001ce7b9, 0x2c}, {0xc0001aa3c0, ...})
	/Users/runner/work/opa/opa/topdown/tokens.go:663 +0x4b2
github.com/open-policy-agent/opa/topdown.builtinJWTDecodeVerify({{0x5b357f0, 0xc0001a4008}, {0x5b3a600, 0xc000455100}, {0x5b2a5c0, 0xc0001ca0a0}, 0xc000019f38, {0x5b2ff30, 0xc0005d080c}, 0xc000122120, ...}, ...)
	/Users/runner/work/opa/opa/topdown/tokens.go:1020 +0x53a
github.com/open-policy-agent/opa/topdown.builtinErrorWrapper.func1({{0x5b357f0, 0xc0001a4008}, {0x5b3a600, 0xc000455100}, {0x5b2a5c0, 0xc0001ca0a0}, 0xc000019f38, {0x5b2ff30, 0xc0005d080c}, 0xc000122120, ...}, ...)
	/Users/runner/work/opa/opa/topdown/builtins.go:127 +0x85
github.com/open-policy-agent/opa/topdown.evalBuiltin.eval({0xc000268600, 0x642fc60, {{0x5b357f0, 0xc0001a4008}, {0x5b3a600, 0xc000455100}, {0x5b2a5c0, 0xc0001ca0a0}, 0xc000019f38, {0x5b2ff30, ...}, ...}, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:1735 +0x624
github.com/open-policy-agent/opa/topdown.(*eval).evalCall(0xc000268600, {0xc000001b90, 0x4, 0x6}, 0xc00001df50)
	/Users/runner/work/opa/opa/topdown/eval.go:816 +0xac5
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268600, 0xc0004775c0)
	/Users/runner/work/opa/opa/topdown/eval.go:359 +0x75c
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268600, 0xc00001bc20)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).next(...)
	/Users/runner/work/opa/opa/topdown/eval.go:165
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr.func1(0xc000268600)
	/Users/runner/work/opa/opa/topdown/eval.go:334 +0x29
github.com/open-policy-agent/opa/topdown.(*eval).evalStep.func1()
	/Users/runner/work/opa/opa/topdown/eval.go:354 +0x39
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268600, 0xc0000039f8, 0xc000018240, 0xc00001de90, 0xc00001dad0, 0xc00001dda0)
	/Users/runner/work/opa/opa/topdown/eval.go:993 +0x57a
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc0005d00a8?, 0xee32768?, 0x28?, 0x6f00108?, 0x30?, 0xc000700000?)
	/Users/runner/work/opa/opa/topdown/eval.go:861 +0x285
github.com/open-policy-agent/opa/topdown.evalTerm.eval({0xc000268600, {0xc000003740, 0x3, 0x3}, 0x3, 0xc00001dad0, 0xc0000039f8, 0xc00001de90, 0xc000018240, 0xc00001dad0}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2918 +0x19a
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalTerm({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc000442f00, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2901 +0xf8
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValueRule.func1(0xc000268c00)
	/Users/runner/work/opa/opa/topdown/eval.go:2788 +0x1ab
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268c00, 0xc000022090)
	/Users/runner/work/opa/opa/topdown/eval.go:308 +0x117
github.com/open-policy-agent/opa/topdown.(*eval).next(...)
	/Users/runner/work/opa/opa/topdown/eval.go:165
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr.func1(0xc000268c00)
	/Users/runner/work/opa/opa/topdown/eval.go:334 +0x29
github.com/open-policy-agent/opa/topdown.(*eval).evalStep.func3()
	/Users/runner/work/opa/opa/topdown/eval.go:376 +0x1aa
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268c00, 0xc000003a28, 0xc000020468, 0xc00001de90, 0xc00001de90, 0xc00001dec0)
	/Users/runner/work/opa/opa/topdown/eval.go:993 +0x57a
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc00063b258?, 0xc00063b170?, 0x4010027?, 0x30?, 0x5712580?, 0xc0003f8301?)
	/Users/runner/work/opa/opa/topdown/eval.go:851 +0x545
github.com/open-policy-agent/opa/topdown.(*eval).unify(0xc0005d0940?, 0xa?, 0xc00063b258?, 0x2?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268c00, 0xc000477570)
	/Users/runner/work/opa/opa/topdown/eval.go:368 +0x4cf
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268c00, 0xc000022090)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).eval(...)
	/Users/runner/work/opa/opa/topdown/eval.go:295
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValueRule({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc000442f00, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2772 +0x36b
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValue({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc000442f00, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2738 +0x1c8
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.eval({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc000442f00, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2704 +0x225
github.com/open-policy-agent/opa/topdown.evalVirtual.eval({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018240, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2295 +0x3e5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018240, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2090 +0x2fd
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018240, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x1, 0xc00001dad0, 0xc000018240, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2096 +0x33f
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268600, {0xc000003740, 0x3, 0x3}, {0xc000020348, 0x3, 0x3}, 0x1, 0xc00001dad0, 0xc000018240, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.(*eval).biunifyRef(0xc000268600, 0x5b37840?, 0xc000018240, 0xc00001dad0, 0xc00001dad0, 0x43391af?)
	/Users/runner/work/opa/opa/topdown/eval.go:1030 +0x425
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268600, 0xc000018240, 0xc000003d10, 0xc00001dad0, 0xc00001dad0, 0xc00001dda0)
	/Users/runner/work/opa/opa/topdown/eval.go:957 +0x1e6
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0x0?, 0xc00063bdd8?, 0x4010027?, 0x28?, 0x56fd980?, 0x1?)
	/Users/runner/work/opa/opa/topdown/eval.go:842 +0x5a8
github.com/open-policy-agent/opa/topdown.(*eval).unify(0x5?, 0x0?, 0x0?, 0x4?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268600, 0xc000477550)
	/Users/runner/work/opa/opa/topdown/eval.go:352 +0x6a5
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268600, 0xc00001bc20)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).next(...)
	/Users/runner/work/opa/opa/topdown/eval.go:165
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr.func1(0xc000268600)
	/Users/runner/work/opa/opa/topdown/eval.go:334 +0x29
github.com/open-policy-agent/opa/topdown.(*eval).evalStep.func1()
	/Users/runner/work/opa/opa/topdown/eval.go:354 +0x39
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268600, 0xc000003a88, 0xc000018198, 0xc00001dc20, 0xc00001dad0, 0xc00001db30)
	/Users/runner/work/opa/opa/topdown/eval.go:993 +0x57a
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0x6f00108?, 0x90?, 0xc000700000?, 0xc00001bef0?, 0x0?, 0xc000700000?)
	/Users/runner/work/opa/opa/topdown/eval.go:861 +0x285
github.com/open-policy-agent/opa/topdown.evalTerm.eval({0xc000268600, {0xc0000131a0, 0x3, 0x3}, 0x3, 0xc00001dad0, 0xc000003a88, 0xc00001dc20, 0xc000018198, 0xc00001dad0}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2918 +0x19a
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalTerm({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc000442e80, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2901 +0xf8
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValueRule.func1(0xc000268800)
	/Users/runner/work/opa/opa/topdown/eval.go:2788 +0x1ab
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268800, 0xc00001bd40)
	/Users/runner/work/opa/opa/topdown/eval.go:308 +0x117
github.com/open-policy-agent/opa/topdown.(*eval).next(...)
	/Users/runner/work/opa/opa/topdown/eval.go:165
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr.func1(0xc000268800)
	/Users/runner/work/opa/opa/topdown/eval.go:334 +0x29
github.com/open-policy-agent/opa/topdown.(*eval).evalStep.func3()
	/Users/runner/work/opa/opa/topdown/eval.go:376 +0x1aa
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268800, 0xc000003ab8, 0xc000020330, 0xc00001dc20, 0xc00001dc20, 0xc00001dc50)
	/Users/runner/work/opa/opa/topdown/eval.go:993 +0x57a
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc00063c6d8?, 0xc00063c5f0?, 0x4010027?, 0x30?, 0x5712580?, 0xc0003f8301?)
	/Users/runner/work/opa/opa/topdown/eval.go:851 +0x545
github.com/open-policy-agent/opa/topdown.(*eval).unify(0xc0005d08e0?, 0xa?, 0xc00063c6d8?, 0x2?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268800, 0xc0004774e0)
	/Users/runner/work/opa/opa/topdown/eval.go:368 +0x4cf
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268800, 0xc00001bd40)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).eval(...)
	/Users/runner/work/opa/opa/topdown/eval.go:295
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValueRule({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc000442e80, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2772 +0x36b
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValue({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc000442e80, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2738 +0x1c8
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.eval({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc000442e80, 0xc00001dad0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2704 +0x225
github.com/open-policy-agent/opa/topdown.evalVirtual.eval({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018198, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2295 +0x3e5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018198, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2090 +0x2fd
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x2, 0xc00001dad0, 0xc000018198, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x1, 0xc00001dad0, 0xc000018198, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2096 +0x33f
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268600, {0xc0000131a0, 0x3, 0x3}, {0xc000020210, 0x3, 0x3}, 0x1, 0xc00001dad0, 0xc000018198, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.(*eval).biunifyRef(0xc000268600, 0x5b37840?, 0xc000018198, 0xc00001dad0, 0xc00001dad0, 0x447299d?)
	/Users/runner/work/opa/opa/topdown/eval.go:1030 +0x425
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268600, 0xc000018198, 0xc000003c68, 0xc00001dad0, 0xc00001dad0, 0xc00001db30)
	/Users/runner/work/opa/opa/topdown/eval.go:957 +0x1e6
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc000270300?, 0xc00063d258?, 0x4010027?, 0x28?, 0x56fd980?, 0x400da01?)
	/Users/runner/work/opa/opa/topdown/eval.go:842 +0x5a8
github.com/open-policy-agent/opa/topdown.(*eval).unify(0x400fc01?, 0x63d36a8?, 0xc00063d340?, 0x451383b?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268600, 0xc0004774c0)
	/Users/runner/work/opa/opa/topdown/eval.go:352 +0x6a5
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268600, 0xc00001bc20)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).next(...)
	/Users/runner/work/opa/opa/topdown/eval.go:165
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr.func1(0xc000268600)
	/Users/runner/work/opa/opa/topdown/eval.go:334 +0x29
github.com/open-policy-agent/opa/topdown.(*eval).evalStep.func3()
	/Users/runner/work/opa/opa/topdown/eval.go:376 +0x1aa
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268600, 0xc000003b48, 0xc0000201f8, 0xc00001dad0, 0xc00001dad0, 0xc00001db00)
	/Users/runner/work/opa/opa/topdown/eval.go:993 +0x57a
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc00063d750?, 0xc00063d668?, 0x4010027?, 0x30?, 0x5712580?, 0xc0003f8301?)
	/Users/runner/work/opa/opa/topdown/eval.go:851 +0x545
github.com/open-policy-agent/opa/topdown.(*eval).unify(0xc0005d0880?, 0xa?, 0xc00063d750?, 0x2?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc000268600, 0xc000477480)
	/Users/runner/work/opa/opa/topdown/eval.go:368 +0x4cf
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc000268600, 0xc00001bc20)
	/Users/runner/work/opa/opa/topdown/eval.go:333 +0xec
github.com/open-policy-agent/opa/topdown.(*eval).eval(...)
	/Users/runner/work/opa/opa/topdown/eval.go:295
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValueRule({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc000442d40, 0xc00001d860, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2772 +0x36b
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.evalValue({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc000442d40, 0xc00001d860, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2738 +0x1c8
github.com/open-policy-agent/opa/topdown.evalVirtualComplete.eval({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc000442d40, 0xc00001d860, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2704 +0x225
github.com/open-policy-agent/opa/topdown.evalVirtual.eval({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc00001d860, 0xc000020090, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2295 +0x3e5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc00001d860, 0xc000020090, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2090 +0x2fd
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x2, 0xc00001d860, 0xc000020090, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x1, 0xc00001d860, 0xc000020090, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2096 +0x33f
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268000, {0xc0004551a0, 0x3, 0x4}, {0xc0000200d8, 0x3, 0x3}, 0x1, 0xc00001d860, 0xc000020090, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.(*eval).biunifyRef(0xc000268000, 0x5b37840?, 0xc000020090, 0xc00001d860, 0xc00001d860, 0x203000?)
	/Users/runner/work/opa/opa/topdown/eval.go:1030 +0x425
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268000, 0xc0000200c0, 0xc000020090, 0xc00001d860, 0xc00001d860, 0xc000054400)
	/Users/runner/work/opa/opa/topdown/eval.go:946 +0x112
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc0004551a0?, 0x3?, 0x4?, 0x2?, 0x2?, 0xc00063e340?)
	/Users/runner/work/opa/opa/topdown/eval.go:842 +0x5a8
github.com/open-policy-agent/opa/topdown.(*eval).unify(...)
	/Users/runner/work/opa/opa/topdown/eval.go:834
github.com/open-policy-agent/opa/topdown.evalTree.leaves({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x2, 0xc00001d860, 0xc000019ce0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2211 +0x550
github.com/open-policy-agent/opa/topdown.evalTree.extent({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x2, 0xc00001d860, 0xc000019ce0, ...})
	/Users/runner/work/opa/opa/topdown/eval.go:2165 +0xe5
github.com/open-policy-agent/opa/topdown.evalTree.finish({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x2, 0xc00001d860, 0xc000019ce0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2060 +0x145
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x2, 0xc00001d860, 0xc000019ce0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2037 +0x138
github.com/open-policy-agent/opa/topdown.evalTree.next({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x1, 0xc00001d860, 0xc000019ce0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2096 +0x33f
github.com/open-policy-agent/opa/topdown.evalTree.eval({0xc000268000, {0xc000476f90, 0x2, 0x2}, {0xc0004773e0, 0x2, 0x2}, 0x1, 0xc00001d860, 0xc000019ce0, ...}, ...)
	/Users/runner/work/opa/opa/topdown/eval.go:2043 +0xc5
github.com/open-policy-agent/opa/topdown.(*eval).biunifyRef(0xc000268000, 0x5b37840?, 0xc000019ce0, 0xc00001d860, 0xc00001d860, 0x0?)
	/Users/runner/work/opa/opa/topdown/eval.go:1030 +0x425
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc000268000, 0xc000019cc8, 0xc000019ce0, 0xc00001d860, 0xc00001d860, 0xc00001d980)
	/Users/runner/work/opa/opa/topdown/eval.go:946 +0x112
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xe901000?, 0xc00063eac8?, 0x4010027?, 0x28?, 0x56fd980?, 0x401?)
	/Users/runner/work/opa/opa/topdown/eval.go:842 +0x5a8
github.com/open-policy-agent/opa/topdown.(*eval).unify(0xeafffff?, 0xe901100?, 0xe901000?, 0xc00063eb38?)
	/Users/runner/work/opa/opa/topdown/eval.go:834 +0x26

ℹ️ This issue is for visibility. It's been fixed in #5214. We'll now go back to the previous behaviour -- it's just invalid signatures.
@srenatus srenatus added the bug label Oct 7, 2022
@srenatus
Copy link
Contributor Author

srenatus commented Oct 7, 2022

The fix will be shipped with v0.45.0.

@srenatus srenatus closed this as completed Oct 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@srenatus