crypto: check for nullptr before dereferencing identity_buf #57071

Open
wants to merge 3 commits into
base: main

gurgunday
Contributor

The js-side already checks for this so the test already passes, so I don't think it's a vulnerability

Just in case, added the check for the future

Fix #56665

@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Feb 15, 2025

codecov bot commented Feb 15, 2025

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 90.26%. Comparing base (e2bc395) to head (3d9278e).
Report is 36 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_tls.cc 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #57071      +/-   ##
==========================================
- Coverage   90.37%   90.26%   -0.11%     
==========================================
  Files         629      630       +1     
  Lines      184365   184634     +269     
  Branches    36016    36131     +115     
==========================================
+ Hits       166612   166666      +54     
- Misses      10918    11025     +107     
- Partials     6835     6943     +108     
Files with missing lines Coverage Δ
src/crypto/crypto_tls.cc 78.16% <0.00%> (ø)

... and 51 files with indirect coverage changes

@gurgunday
Contributor Author

Don't know how to test this since any js code would have its argument validated before moving to the C++ side

@gurgunday
Contributor Author

Rebased

@gurgunday
Contributor Author

CI failures seem unrelated?

@gurgunday
Contributor Author

Yeah, this CI failure seems to be random; it was Linux and now it's macOS

@addaleax addaleax added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 23, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 23, 2025
@addaleax addaleax added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Feb 27, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 27, 2025
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.
Development

Successfully merging this pull request may close these issues.

Possible Null Pointer Dereference in TLSWrap::PskClientCallback
6 participants