Skip to content

fix: get_public_key_string() error-path leaks on 3.x#114

Merged
atoomic merged 2 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/fix-get-pubkey-error-leaks
Mar 19, 2026
Merged

fix: get_public_key_string() error-path leaks on 3.x#114
atoomic merged 2 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/fix-get-pubkey-error-leaks

Conversation

@Koan-Bot
Copy link
Copy Markdown
Contributor

@Koan-Bot Koan-Bot commented Mar 16, 2026

What

Replace CHECK_OPEN_SSL with THROW/goto err in get_public_key_string() for the OpenSSL 3.x OSSL_ENCODER path.

Why

If OSSL_ENCODER_CTX_new_for_pkey() partially succeeds but the encoders check fails, or if OSSL_ENCODER_to_bio() fails, CHECK_OPEN_SSL would croak immediately — leaking the OSSL_ENCODER_CTX and the BIO.

Same fix class as PRs #79, #80, #81, #108: THROW/goto err ensures cleanup before croak.

Testing

All 219 core tests pass on macOS with OpenSSL 3.6.1.

🤖 Generated with Claude Code

timlegge
timlegge requested changes Mar 17, 2026
View reviewed changes
Comment thread RSA.xs Outdated

goto pubkey_done;
err:
if (ctx) OSSL_ENCODER_CTX_free(ctx);
Copy link
Copy Markdown
Member

@timlegge timlegge Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Koan-Bot
ctx = NULL;

should follow this for consistency an future changes

@atoomic
Copy link
Copy Markdown
Collaborator

atoomic commented Mar 17, 2026

@Koan-Bot rebase

Koan-Bot added 2 commits March 17, 2026 18:55
@Koan-Bot
fix: prevent resource leaks in get_public_key_string() on OpenSSL 3.x
6137eb8 
Replace CHECK_OPEN_SSL with THROW/goto err for the OSSL_ENCODER_CTX
setup in get_public_key_string(). If encoder creation or encoding
fails, both the OSSL_ENCODER_CTX and BIO are now properly freed
before croaking.
@Koan-Bot
rebase: apply review feedback on cpan-authors#114
de4e020
@Koan-Bot Koan-Bot force-pushed the koan.atoomic/fix-get-pubkey-error-leaks branch from 25dc24f to de4e020 Compare March 18, 2026 00:55
@Koan-Bot
Copy link
Copy Markdown
Contributor Author

Koan-Bot commented Mar 18, 2026

Rebase: fix: get_public_key_string() error-path leaks on 3.x

Branch koan.atoomic/fix-get-pubkey-error-leaks rebased onto main and force-pushed.

Diff: 1 file changed, 15 insertions(+), 9 deletions(-)

Review feedback was analyzed and applied.

Actions

  • Resolved merge conflicts (1 round(s))
  • Rebased koan.atoomic/fix-get-pubkey-error-leaks onto upstream/main
  • Applied review feedback
  • Force-pushed koan.atoomic/fix-get-pubkey-error-leaks to origin
  • CI passed

CI

CI passed.

Automated by Kōan

@timlegge timlegge marked this pull request as ready for review March 18, 2026 23:29
@timlegge
Copy link
Copy Markdown
Member

timlegge commented Mar 18, 2026

@atoomic this one looks fine to me

@atoomic atoomic merged commit 5638c84 into cpan-authors:main Mar 19, 2026
54 checks passed
@Koan-Bot Koan-Bot mentioned this pull request Mar 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Koan-Bot @atoomic @timlegge