Skip to content

crypto: Fix potential null pointer dereference when BIO_meth_new() fails #61788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ndossche wants to merge 2 commits into
base: main
Choose a base branch
from
Open

crypto: Fix potential null pointer dereference when BIO_meth_new() fails #61788

ndossche wants to merge 2 commits into from
+2 −0

Conversation

@ndossche
Copy link

@ndossche ndossche commented Feb 12, 2026
edited
Loading

This function can return null, which will make the calls to BIO_meth_set_* trigger a null deref.
Even after fixing this, there is an issue with the BIOPointer::New(GetMethod()) call in NodeBIO::New because the New method cannot handle a null pointer despite other code already guarding for this
(e.g. the NodeBIO::New function already checks bio). This patch solves the issues by adding more null checks.

Note: this was found by a static-dynamic analyser I'm developing.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 12, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. labels Feb 12, 2026
addaleax
addaleax reviewed Feb 12, 2026
View reviewed changes
src/crypto/crypto_bio.cc
@@ -226,13 +226,15 @@ const BIO_METHOD* NodeBIO::GetMethod() {
// Static initialization ensures that this is safe to use concurrently.
static const BIO_METHOD* method = [&]() {
BIO_METHOD* method = BIO_meth_new(BIO_TYPE_MEM, "node.js SSL buffer");
Copy link
Member

@addaleax addaleax Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably better to just CHECK_NOT_NULL(method); here, no?

Copy link
Author

@ndossche ndossche Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps, some places seem to try to gracefully handle nulls, others don't, so I wasn't too sure. I'll change it.

jasnell
jasnell reviewed Feb 12, 2026
View reviewed changes
@ndossche
crypto: fix potential null pointer dereference when BIO_meth_new() fails
3ee6e91 
This function can return null, which will make the calls to
BIO_meth_set_* trigger a null deref.
Even after fixing this, there is an issue with the
`BIOPointer::New(GetMethod())` call in `NodeBIO::New` because the
`New` method cannot handle a null pointer despite other code already
guarding for this
(e.g. the `NodeBIO::New` function already checks `bio`).
This patch solves the issues by adding more null checks.
@ndossche
fixup! Use CHECK_NOT_NULL()
6ffa012
ndossche added a commit to ndossche/ncrypto that referenced this pull request Feb 12, 2026
@ndossche
crypto: add null check to BIOPointer::New()
bc2a881 
This function calls BIO_new() which mustn't receive a null pointer
argument. Yet it is able to handle null BIOs gracefully.
To solve this, add a null check.

Ref: nodejs/node#61788
@ndossche ndossche mentioned this pull request Feb 12, 2026
Merged
ndossche added a commit to ndossche/ncrypto that referenced this pull request Feb 12, 2026
@ndossche
fix: add null check to BIOPointer::New()
426511d 
This function calls BIO_new() which mustn't receive a null pointer
argument. Yet it is able to handle null BIOs gracefully.
To solve this, add a null check.

Ref: nodejs/node#61788
@codecov
Copy link

codecov bot commented Feb 12, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 89.73%. Comparing base (4a13a62) to head (6ffa012).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_bio.cc 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #61788      +/-   ##
==========================================
- Coverage   89.76%   89.73%   -0.03%     
==========================================
  Files         675      675              
  Lines      204674   204675       +1     
  Branches    39330    39340      +10     
==========================================
- Hits       183716   183656      -60     
- Misses      13235    13293      +58     
- Partials     7723     7726       +3
Files with missing lines Coverage Δ
src/crypto/crypto_bio.cc 75.52% <0.00%> (-0.27%) ⬇️

... and 35 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax left review comments

@jasnell jasnell jasnell approved these changes

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ndossche @nodejs-github-bot @jasnell @addaleax