Skip to content

fix: add NULL check before EVP_PKEY_check() in _new_key_from_parameters()#105

Closed
toddr-bot wants to merge 0 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-test-ctx-null-deref
Closed

fix: add NULL check before EVP_PKEY_check() in _new_key_from_parameters()#105
toddr-bot wants to merge 0 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-test-ctx-null-deref

Conversation

@toddr-bot
Copy link
Copy Markdown
Contributor

@toddr-bot toddr-bot commented Mar 14, 2026
edited
Loading

What

Add missing NULL check on test_ctx before calling EVP_PKEY_check() in _new_key_from_parameters().

Why

EVP_PKEY_CTX_new_from_pkey() can return NULL on allocation failure. Without a guard, EVP_PKEY_check(NULL) is undefined behavior — potential segfault. The check_key() function at line 892 already handles this correctly via CHECK_OPEN_SSL(pctx); this applies the same pattern using THROW.

How

Single-line addition: THROW(test_ctx != NULL) between allocation and use. THROW sets the error flag and jumps to the err: cleanup label, consistent with the rest of the function.

Testing

Full test suite passes (318 tests, 10 files).

🤖 Generated with Claude Code

Quality Report

Changes: 1 file changed, 1 insertion(+)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

@Koan-Bot
Copy link
Copy Markdown
Contributor

Koan-Bot commented Mar 16, 2026

PR Review — fix: add NULL check before EVP_PKEY_check() in _new_key_from_parameters()

Clean, minimal fix. Adding THROW(test_ctx != NULL) before EVP_PKEY_check(test_ctx) prevents undefined behavior (potential segfault) if EVP_PKEY_CTX_new_from_pkey() returns NULL on allocation failure. The THROW macro (line 89) sets error = 1 and jumps to err: cleanup, which is consistent with the surrounding code. The EVP_PKEY_CTX_free(test_ctx) call on the next line is skipped on the error path, which is fine since test_ctx is NULL in that case (and EVP_PKEY_CTX_free(NULL) is a no-op anyway). Merge-ready.

Checklist

  • No NULL dereference on allocation failure
  • Cleanup on error path correct
  • Consistent with existing patterns (THROW macro usage)

Summary

Clean, minimal fix. Adding THROW(test_ctx != NULL) before EVP_PKEY_check(test_ctx) prevents undefined behavior (potential segfault) if EVP_PKEY_CTX_new_from_pkey() returns NULL on allocation failure. The THROW macro (line 89) sets error = 1 and jumps to err: cleanup, which is consistent with the surrounding code. The EVP_PKEY_CTX_free(test_ctx) call on the next line is skipped on the error path, which is fine since test_ctx is NULL in that case (and EVP_PKEY_CTX_free(NULL) is a no-op anyway). Merge-ready.

Automated review by Kōan

@timlegge
Copy link
Copy Markdown
Member

timlegge commented Mar 17, 2026

@toddr-bot rebase

@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented Mar 17, 2026

❌ Permission denied. Only users with write access can trigger bot commands.

@atoomic
Copy link
Copy Markdown
Collaborator

atoomic commented Mar 17, 2026

@toddr-bot rebase

@atoomic atoomic self-assigned this Mar 17, 2026
@atoomic atoomic marked this pull request as ready for review March 17, 2026 22:35
timlegge
timlegge requested changes Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@timlegge timlegge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this can be closed. It looks to be taken care of already

@toddr-bot toddr-bot closed this Mar 18, 2026
@toddr-bot toddr-bot force-pushed the koan.toddr.bot/fix-test-ctx-null-deref branch from 376ef99 to 892eede Compare March 18, 2026 01:25
@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented Mar 18, 2026

Rebase: fix: add NULL check before EVP_PKEY_check() in _new_key_from_parameters()

Branch koan.toddr.bot/fix-test-ctx-null-deref rebased onto main and force-pushed.

Review feedback was analyzed and applied.

Actions

  • Resolved merge conflicts (4 round(s))
  • Rebased koan.toddr.bot/fix-test-ctx-null-deref onto upstream/main
  • Force-pushed koan.toddr.bot/fix-test-ctx-null-deref to origin
  • CI passed

CI

CI passed.

Automated by Kōan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge requested changes

Assignees

@atoomic atoomic

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@toddr-bot @Koan-Bot @timlegge @atoomic