fix: panic with unsigned local image #2656

hectorj2f · 2023-01-25T12:02:23Z

Signed-off-by: Hector Fernandez [email protected]

Summary

For unsigned images when verified locally, the cli panics getting the signatures.

cosign verify --local-image ./localimage  --certificate-identity-regexp='.*'  --certificate-oidc-issuer-regexp='.*'
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x30 pc=0x102bb700c]

goroutine 1 [running]:
github.com/sigstore/cosign/v2/pkg/cosign.verifySignatures({0x104929df0, 0x14000056080}, {0x0?, 0x0?}, {{0x103e019b5?, 0x14000faa800?}, {0x14001009900?, 0x1?}}, 0x1?)
	github.com/sigstore/cosign/v2/pkg/cosign/verify.go:548 +0x4c
github.com/sigstore/cosign/v2/pkg/cosign.VerifyLocalImageSignatures({0x104929df0, 0x14000056080}, {0x16db4f94e?, 0x140002c3f50?}, 0x140005ad840)
	github.com/sigstore/cosign/v2/pkg/cosign/verify.go:544 +0x1a0
github.com/sigstore/cosign/v2/cmd/cosign/cli/verify.(*VerifyCommand).Exec(0x140005ada10, {0x104929df0, 0x14000056080}, {0x140007ce5c0, 0x1, 0x14000184c80?})
	github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify.go:263 +0xc90
github.com/sigstore/cosign/v2/cmd/cosign/cli.Verify.func1(0x14000825800, {0x140007ce5c0, 0x1, 0x4})
	github.com/sigstore/cosign/v2/cmd/cosign/cli/verify.go:132 +0x2c4
github.com/spf13/cobra.(*Command).execute(0x14000825800, {0x140007ce580, 0x4, 0x4})
	github.com/spf13/[email protected]/command.go:916 +0x5c8
github.com/spf13/cobra.(*Command).ExecuteC(0x14000456600)
	github.com/spf13/[email protected]/command.go:1044 +0x35c
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/[email protected]/command.go:968
main.main()
	github.com/sigstore/cosign/v2/cmd/cosign/main.go:62 +0x58

while with this fix you get:

cosign verify --local-image ./localimage  --certificate-identity-regexp='.*'  --certificate-oidc-issuer-regexp='.*'
Error: no signatures associated with local image saved in ./localimage
main.go:63: error during command execution: no signatures associated with local image saved in ./localimage

Release Note

fix: panic when verifying unsigned local images

Documentation

Signed-off-by: Hector Fernandez <[email protected]>

priyawadhwa

thanks hector!

Signed-off-by: Hector Fernandez <[email protected]> Signed-off-by: Hector Fernandez <[email protected]>

fix: panic with unsigned local image

f39163b

Signed-off-by: Hector Fernandez <[email protected]>

hectorj2f added the bug Something isn't working label Jan 25, 2023

hectorj2f requested review from haydentherapper and priyawadhwa January 25, 2023 12:02

hectorj2f self-assigned this Jan 25, 2023

priyawadhwa approved these changes Jan 25, 2023

View reviewed changes

priyawadhwa merged commit 5990090 into sigstore:main Jan 25, 2023

github-actions bot added this to the v1.14.0 milestone Jan 25, 2023

uralsemih pushed a commit to uralsemih/cosign that referenced this pull request Jan 29, 2023

fix: panic with unsigned local image (sigstore#2656)

61cbaf6

Signed-off-by: Hector Fernandez <[email protected]> Signed-off-by: Hector Fernandez <[email protected]>

dmitris pushed a commit to dmitris/cosign that referenced this pull request Mar 24, 2023

fix: panic with unsigned local image (sigstore#2656)

c32317b

Signed-off-by: Hector Fernandez <[email protected]> Signed-off-by: Hector Fernandez <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: panic with unsigned local image #2656

fix: panic with unsigned local image #2656

hectorj2f commented Jan 25, 2023 •

edited

Loading

priyawadhwa left a comment

fix: panic with unsigned local image #2656

fix: panic with unsigned local image #2656

Conversation

hectorj2f commented Jan 25, 2023 • edited Loading

Summary

Release Note

Documentation

priyawadhwa left a comment

Choose a reason for hiding this comment

hectorj2f commented Jan 25, 2023 •

edited

Loading