Possible Null Pointer Dereference in TLSWrap::PskClientCallback #56665

Open
@wooffie

Version

20.18.0

Platform


Subsystem

crypto

What steps will reproduce the bug?

The problem is around this part of the code: https://github.com/nodejs/node/blob/da5f7aca6ac1fac2b7840dc11c0ef8e740cfc414/src/crypto/crypto_tls.cc#L1559C1-L1564C58

After creating the Utf8Value object, the code checks its length but does not check for nullptr. After this, nullptr can be dereferenced in the memcpy call.

How often does it reproduce? Is there a required condition?

Condition - identity_buf stores nullptr

What is the expected behavior? Why is that the expected behavior?

Return 0, for a consistent API, for example:

if (*identity_buf == nullptr || identity_buf.length() > max_identity_len)
    return 0;

What do you see instead?

Additional information

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reporter: Burkov Egor ([email protected]).

Organization: R-Vision ([email protected]).
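
The pattern the report describes, next to the guard it proposes, as an added example that is not code from the Node.js source. `Utf8Like`, `copy_identity_unchecked` and `copy_identity_checked` are hypothetical names; the model assumes, as the report does, that the wrapper can hold a null data pointer, and the 0/1 return values are this model's own convention.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for a string wrapper such as Utf8Value: operator*
// yields the data pointer, which this model allows to be null (assumption).
struct Utf8Like {
  const char* data;
  size_t len;
  const char* operator*() const { return data; }
  size_t length() const { return len; }
};

// Pattern described in the report: only the length is checked, so a null
// data pointer reaches memcpy as its source argument (undefined behaviour).
// Returns 1 on success, 0 on rejection.
unsigned int copy_identity_unchecked(const Utf8Like& identity_buf,
                                     char* identity,
                                     unsigned int max_identity_len) {
  if (identity_buf.length() > max_identity_len) return 0;
  memcpy(identity, *identity_buf, identity_buf.length());
  return 1;
}

// Guard proposed in the report: reject a null buffer before the copy, using
// the same "return 0" path as the length failure.
unsigned int copy_identity_checked(const Utf8Like& identity_buf,
                                   char* identity,
                                   unsigned int max_identity_len) {
  if (*identity_buf == nullptr || identity_buf.length() > max_identity_len)
    return 0;
  memcpy(identity, *identity_buf, identity_buf.length());
  return 1;
}

int main() {
  char out[8] = {0};
  Utf8Like ok{"alice", 5};        // constructed sample identity
  Utf8Like null_buf{nullptr, 0};  // constructed failure case: no data
  Utf8Like too_long{"a-very-long-identity", 20};
  // The unchecked variant is only called with a valid buffer here.
  printf("unchecked, valid:    %u\n", copy_identity_unchecked(ok, out, sizeof(out)));
  printf("checked,   valid:    %u\n", copy_identity_checked(ok, out, sizeof(out)));
  printf("checked,   null:     %u\n", copy_identity_checked(null_buf, out, sizeof(out)));
  printf("checked,   too long: %u\n", copy_identity_checked(too_long, out, sizeof(out)));
  return 0;
}
```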

Labels: tls (Issues and PRs related to the tls subsystem.)