From 13e46b7df28a3513861679790c903a21928b9302 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Sat, 14 Mar 2026 22:49:12 +0000
Subject: [PATCH] fix: guard croakSsl() against NULL error string
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ERR_reason_error_string() returns NULL when the OpenSSL error queue
is empty (ERR_get_error() returns 0). Passing NULL to croak's %s
format is undefined behavior — on most platforms it prints "(null)"
but it can also segfault.

This can happen when an OpenSSL function signals failure via its
return value without pushing an error to the queue (e.g. some
EVP_PKEY operations on malformed keys).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/RSA.xs b/RSA.xs
index c756860..a6072eb 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -76,7 +76,8 @@ void croakSsl(char* p_file, int p_line)
     /* Just return the top error on the stack */
     errorReason = ERR_reason_error_string(ERR_get_error());
     ERR_clear_error();
-    croak("%s:%d: OpenSSL error: %s", p_file, p_line, errorReason);
+    croak("%s:%d: OpenSSL error: %s", p_file, p_line,
+          errorReason ? errorReason : "(unknown error)");
 }
 
 #define CHECK_OPEN_SSL(p_result) if (!(p_result)) croakSsl(__FILE__, __LINE__);