fix: free EVP_PKEY_CTX leak in _new_key_from_parameters()#87

Merged: atoomic merged 1 commit into cpan-authors:main from atoomic:koan.atoomic/fix-new-key-ctx-leak, Mar 16, 2026

@Koan-Bot
Contributor

@Koan-Bot Koan-Bot commented Mar 13, 2026

What

Free test_ctx EVP_PKEY_CTX that was leaked on every call to _new_key_from_parameters() (OpenSSL 3.x only).

Why

EVP_PKEY_CTX_new_from_pkey() at RSA.xs:649 allocates a context for EVP_PKEY_check(), but it was never freed — neither on the success path nor via the err: cleanup label. Every key construction from parameters leaked one EVP_PKEY_CTX.

How

Save the EVP_PKEY_check() result, free test_ctx immediately after, then THROW on failure. Also guards against NULL test_ctx before calling EVP_PKEY_check (defensive — EVP_PKEY_CTX_free(NULL) is a no-op).

Testing

make test — 281 tests pass. The fix is a straightforward resource cleanup with no behavioral change.

🤖 Generated with Claude Code


Quality Report

Changes: 1 file changed, 3 insertions(+), 1 deletion(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline
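
The cleanup ordering described in the PR description above, as an added example that is not code from RSA.xs or from this PR. `fake_pkey`, `fake_ctx`, `ctx_new_from_pkey`, `ctx_check`, `ctx_free` and the fixed-size pool are hypothetical stand-ins for the OpenSSL types and calls, so that the number of contexts still allocated can be counted without linking OpenSSL.

```c
#include <stdio.h>

/* Hypothetical stand-ins for EVP_PKEY, EVP_PKEY_CTX, EVP_PKEY_CTX_new_from_pkey(),
   EVP_PKEY_check() and EVP_PKEY_CTX_free(); a small pool makes leaks countable. */
typedef struct { int valid; } fake_pkey;
typedef struct { int in_use; const fake_pkey *pkey; } fake_ctx;
#define POOL 16
static fake_ctx pool[POOL];
static int live_ctx = 0;

static fake_ctx *ctx_new_from_pkey(const fake_pkey *pkey) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1; pool[i].pkey = pkey; live_ctx++;
            return &pool[i];
        }
    return NULL;                       /* pool exhausted: allocation failure */
}
static int ctx_check(fake_ctx *c) { return c->pkey->valid ? 1 : 0; }
static void ctx_free(fake_ctx *c) { if (c) { c->in_use = 0; live_ctx--; } } /* NULL: no-op */

/* Before: test_ctx is released on neither the success path nor the err: path. */
static int new_key_leaky(const fake_pkey *pkey) {
    fake_ctx *test_ctx = ctx_new_from_pkey(pkey);
    if (ctx_check(test_ctx) != 1) goto err;
    return 1;
err:
    return 0;
}

/* After: save the check result, free test_ctx at once, then take the error path. */
static int new_key_fixed(const fake_pkey *pkey) {
    fake_ctx *test_ctx = ctx_new_from_pkey(pkey);
    int ok = test_ctx != NULL && ctx_check(test_ctx) == 1;
    ctx_free(test_ctx);
    if (!ok) goto err;
    return 1;
err:
    return 0;
}

/* Call fn n times on a valid or invalid key; return contexts left allocated. */
static int leaked_after(int (*fn)(const fake_pkey *), int valid, int n) {
    fake_pkey key = { valid };
    int before = live_ctx;
    for (int i = 0; i < n; i++) fn(&key);
    return live_ctx - before;
}

int main(void) {
    printf("leaky: %d left allocated\n", leaked_after(new_key_leaky, 0, 4));
    printf("fixed: %d left allocated\n", leaked_after(new_key_fixed, 0, 1000));
    return 0;
}
```

The leaky variant is only called a few times here because it has no NULL guard and would dereference a NULL context once the pool runs out; the fixed variant can run indefinitely against the same pool.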

@timlegge
Member

Approved

@atoomic atoomic marked this pull request as ready for review March 15, 2026 22:06
@atoomic
Collaborator

atoomic commented Mar 15, 2026

@Koan-Bot rebase

@Koan-Bot
Contributor Author

Rebase: fix: free EVP_PKEY_CTX leak in _new_key_from_parameters()

Branch koan.atoomic/fix-new-key-ctx-leak rebased onto main and force-pushed.

Diff: 1 file changed, 2 insertions(+), 2 deletions(-)

Review feedback was analyzed and applied.

Actions

  • Resolved merge conflicts (1 round(s))
  • Rebased koan.atoomic/fix-new-key-ctx-leak onto upstream/main
  • Force-pushed koan.atoomic/fix-new-key-ctx-leak to origin

Automated by Kōan

@Koan-Bot Koan-Bot force-pushed the koan.atoomic/fix-new-key-ctx-leak branch from 809044c to 8ff2ab7 Compare March 15, 2026 22:56
Koan-Bot added a commit to Koan-Bot/koan that referenced this pull request Mar 15, 2026
When a project has both an origin (fork) and upstream remote, the
rebase code tried origin first. If origin/main was stale (common
for forks), git rebase would replay all upstream commits as new
branch commits, producing PRs with dozens of spurious commits.

Add _find_remote_for_repo() to match the PR's target repository
(owner/repo) against local git remote URLs, then prioritize that
remote for the rebase. Falls back to origin/upstream if no match.

Applied the same fix to:
- rebase_pr._rebase_with_conflict_resolution (primary fix)
- claude_step._rebase_onto_target (used by pr_review.py)
- pr_review.run_pr_review (passes preferred remote through)

Fixes: cpan-authors/Crypt-OpenSSL-RSA#87 (57 commits after rebase)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@atoomic atoomic reopened this Mar 15, 2026
@timlegge
Member

@Koan-Bot rebase

@atoomic
Collaborator

atoomic commented Mar 16, 2026

@timlegge there was a bug with my rebase strategy, this is now fixed I think and as you can see above you can give instructions to the bot

test_ctx allocated via EVP_PKEY_CTX_new_from_pkey() at line 649 was
never freed on either success or error paths (OpenSSL 3.x only).

Save the EVP_PKEY_check() result, free test_ctx immediately, then
THROW on failure. Also guard against NULL test_ctx before calling
EVP_PKEY_check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Koan-Bot
Contributor Author

Rebase: fix: free EVP_PKEY_CTX leak in _new_key_from_parameters()

Branch koan.atoomic/fix-new-key-ctx-leak rebased onto main and force-pushed.

Diff: 1 file changed, 2 insertions(+), 2 deletions(-)

Review feedback was analyzed and applied.

Actions

  • Rebased koan.atoomic/fix-new-key-ctx-leak onto upstream/main
  • Force-pushed koan.atoomic/fix-new-key-ctx-leak to origin

Automated by Kōan

@Koan-Bot Koan-Bot force-pushed the koan.atoomic/fix-new-key-ctx-leak branch from 8ff2ab7 to 19a244c Compare March 16, 2026 02:39
@atoomic atoomic merged commit f1f8774 into cpan-authors:main Mar 16, 2026
27 checks passed