Skip to content

fix(command): add nil check for GetCoreConfigInternal during SIGHUP reload#31935

Open
wucm667 wants to merge 1 commit into
hashicorp:mainfrom
wucm667:fix/dev-mode-sighup-sigsegv
Open

fix(command): add nil check for GetCoreConfigInternal during SIGHUP reload#31935
wucm667 wants to merge 1 commit into
hashicorp:mainfrom
wucm667:fix/dev-mode-sighup-sigsegv

Conversation

@wucm667
Copy link
Copy Markdown

@wucm667 wucm667 commented Apr 30, 2026

Fixes #31800

What did you do?

Started a vault dev server in docker and sent a HUP signal to trigger a config reload:
docker run --rm --name vault hashicorp/vault:latest server -dev
docker kill --signal=HUP vault

What did you see instead?

Vault crashed with a panic:
panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x961ac56]

Stack trace pointed to command/server.go:1692 in (*ServerCommand).Run.

Root Cause

GetCoreConfigInternal() returns nil in dev mode, but the SIGHUP reload handler does not check for nil before accessing .Seals on the returned config. This was working in 1.18 and lower but regressed in 1.19.

Fix

Store the result of GetCoreConfigInternal() in a variable and check if it's not nil before accessing .Seals. If nil, log a warning and skip the seal reload gracefully.

Changes

  • command/server.go: Add nil check before accessing GetCoreConfigInternal().Seals in two places (lines 1718 and 1721)

Signed-off-by: wucm667 stevenwucongmin@gmail.com

@wucm667
fix(command): add nil check for GetCoreConfigInternal during SIGHUP r…
ca2d069 
…eload

Fixes hashicorp#31800

Sending SIGHUP to vault dev server in docker causes SIGSEGV (nil pointer
dereference) since version 1.19. The stack trace points to
command/server.go where GetCoreConfigInternal() returns nil in dev mode,
but the reload handler doesn't check for nil before accessing its fields.

Fix: Store the result of GetCoreConfigInternal() in a variable and check
if it's not nil before accessing .Seals. If nil, log a warning and skip
the seal reload gracefully.

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
@wucm667 wucm667 requested a review from a team as a code owner April 30, 2026 03:45
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 30, 2026

@wucm667 is attempting to deploy a commit to the HashiCorp Team on Vercel.

A member of the Team first needs to authorize it.

@dosubot dosubot Bot added size:S This PR changes 10-29 lines, ignoring generated files. bug Used to indicate a potential bug core/cli regression Used to indicate possible regressions between versions labels Apr 30, 2026
@hashicorp-cla-app
Copy link
Copy Markdown

hashicorp-cla-app Bot commented Apr 30, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@garvit-hashicorp garvit-hashicorp Awaiting requested review from garvit-hashicorp garvit-hashicorp is a code owner automatically assigned from hashicorp/vault

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug Used to indicate a potential bug core/cli regression Used to indicate possible regressions between versions size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SIGHUP on dev server causes SIGSEGV since 1.19 in docker

1 participant

@wucm667