This repository was archived by the owner on May 24, 2023. It is now read-only.
This repository was archived by the owner on May 24, 2023. It is now read-only.
Nil pointer dereference on KeyRefreshUnknownKID #75
Description
The README mentions that the config property KeyRefreshUnknownKID is a boolean defaulting to false, but in code the field on Config has type *bool and is referenced in exactly one place, inside of KeySet.getKey:
jsonKey, ok = j.Keys[kid]
j.mux.RUnlock()
// Check if the key was present.
if !ok {
// Check to see if configured to refresh on unknown kid.
if *j.Config.KeyRefreshUnknownKID {Thus, if you don't specify a non-nil value for this property and you reach this line because you did provide a value for KeySetURL, your program will panic. I believe we've seen this in testing.
What we could do, and what seems in line with the use of other pointer-valued config properties in this file, is change the conditional to
if j.Config.KeyRefreshUnknownKID != nil && *j.Config.KeyRefreshUnknownKID {