crypto: fix handling of null BUF_MEM* in ToV8Value() #61885

Open
ndossche wants to merge 2 commits into nodejs:main from ndossche:clesss-4

@ndossche

The assignment to bptr calls BIO_get_mem_ptr which can fail and leave the bptr as nullptr. This then later causes a null pointer deref.
This is inconsistent with uses of the similar function BIO_get_mem_data that do check its return value, e.g. node::crypto::X509sToArrayOfStrings().
Solve it by checking for a null pointer and handling the Nothing return value at the call sites.

Note: this was found by a static-dynamic analyser I'm developing.

The assignment to `bptr` calls `BIO_get_mem_ptr` which can fail and
leave the `bptr` as nullptr. This then later causes a null pointer
deref.
This is inconsistent with uses of the similar function
`BIO_get_mem_data` that do check its return value, e.g.
`node::crypto::X509sToArrayOfStrings()`.
Solve it by checking for a null pointer and handling the `Nothing`
return value at the call sites.

@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot added the following labels on Feb 19, 2026:

  • c++: Issues and PRs that require attention from people who are familiar with C++.
  • crypto: Issues and PRs related to the crypto subsystem.
  • needs-ci: PRs that need a full CI run.
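
The pattern described in the pull request, as an added illustration that is not code from the PR or from Node.js. `Bio`, `BufMem`, `bio_get_mem_ptr`, `MaybeString` and `describe` are hypothetical stand-ins modelled on the description above (a getter that can fail and leave the output pointer null), so the example builds without OpenSSL or V8.

```cpp
#include <cstddef>
#include <string>
#include <utility>

// Hypothetical stand-ins for a buffer descriptor and the object that owns it.
struct BufMem { std::size_t length; const char* data; };
struct Bio { bool is_mem; BufMem mem; };

// Models the failure mode from the PR text: on failure the getter returns 0
// and does not write to *out, so the caller's pointer keeps its old value.
long bio_get_mem_ptr(Bio* b, BufMem** out) {
  if (b == nullptr || !b->is_mem) return 0;
  *out = &b->mem;
  return 1;
}

// Minimal Maybe type standing in for a "value or Nothing" return.
struct MaybeString { bool has_value; std::string value; };
MaybeString Nothing() { return MaybeString{false, std::string()}; }
MaybeString Just(std::string s) { return MaybeString{true, std::move(s)}; }

// Unchecked shape: the getter's result is ignored, so a failed call leaves
// bptr null and the next line dereferences it. Only safe for memory-backed input.
std::string to_string_unchecked(Bio* bio) {
  BufMem* bptr = nullptr;
  bio_get_mem_ptr(bio, &bptr);
  return std::string(bptr->data, bptr->length);
}

// Checked shape: test both the return code and the pointer, and report
// Nothing instead of touching a null buffer.
MaybeString to_string_checked(Bio* bio) {
  BufMem* bptr = nullptr;
  if (bio_get_mem_ptr(bio, &bptr) <= 0 || bptr == nullptr) return Nothing();
  return Just(std::string(bptr->data, bptr->length));
}

// Call site: the Nothing case has to be handled here too, otherwise the
// failure is only moved one frame up the stack.
int describe(Bio* bio, std::string* out) {
  MaybeString s = to_string_checked(bio);
  if (!s.has_value) return -1;
  *out = s.value;
  return 0;
}
```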