fix: guard croakSsl() against NULL error string#104
Merged
atoomic merged 1 commit intoMar 17, 2026
Conversation
ERR_reason_error_string() returns NULL when the OpenSSL error queue is empty (ERR_get_error() returns 0). Passing NULL to croak's %s format is undefined behavior — on most platforms it prints "(null)" but it can also segfault. This can happen when an OpenSSL function signals failure via its return value without pushing an error to the queue (e.g. some EVP_PKEY operations on malformed keys). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
timlegge
approved these changes
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Prevent undefined behavior in
croakSsl()when the OpenSSL error queue is empty.Why
ERR_reason_error_string(ERR_get_error())returns NULL when no error is queued. Passing NULL tocroak()'s%sformat specifier is undefined behavior per C standard — may print "(null)" on glibc but can segfault on other platforms.This is reachable when an OpenSSL function signals failure via return value without pushing to the error queue (some EVP_PKEY operations on malformed keys, certain provider errors on OpenSSL 3.x).
How
Add a NULL guard with an
"(unknown error)"fallback — single-line conditional, zero overhead on the normal path.Testing
All 318 tests pass. The fix is defensive — it guards against a condition that's hard to trigger from Perl land but real in edge cases.
🤖 Generated with Claude Code
Quality Report
Changes: 1 file changed, 2 insertions(+), 1 deletion(-)
Code scan: clean
Tests: passed (OK)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline