crypto: fix missing nullptr check on RSA_new() #61888

Open
ndossche wants to merge 3 commits into nodejs:main from ndossche:clesss-5
@ndossche
Contributor

Not checking this can cause a null deref. Since there is already a null check at the bottom of the function with NewRSA().

Note: this was found by a static-dynamic analyser I'm developing.

Not checking this can cause a null deref. Since there is already a
null check at the bottom of the function with `NewRSA()`.
@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Feb 19, 2026
@codecov

codecov bot commented Feb 19, 2026

Codecov Report

❌ Patch coverage is 0% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.77%. Comparing base (4a13a62) to head (09ed002).
⚠️ Report is 68 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_rsa.cc 0.00% 4 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #61888      +/-   ##
==========================================
+ Coverage   89.76%   89.77%   +0.01%     
==========================================
  Files         675      674       -1     
  Lines      204674   205610     +936     
  Branches    39330    39413      +83     
==========================================
+ Hits       183716   184583     +867     
- Misses      13235    13287      +52     
- Partials     7723     7740      +17     
Files with missing lines Coverage Δ
src/crypto/crypto_rsa.cc 62.58% <0.00%> (-1.03%) ⬇️

... and 152 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
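
The PR description concerns an unchecked `RSA_new()` result, and the coverage report shows the new error branch is never executed by the test suite. The following is an added example, not code from the pull request or from Node.js: it shows the check placed before first use and a fault-injection switch that lets a test reach the failure branch. `FakeRsa`, `fake_rsa_new`, `import_key` and `g_fail_next_alloc` are hypothetical stand-ins for an allocator with the same "returns nullptr on failure" contract.

```cpp
#include <cstdio>
#include <memory>
#include <new>
#include <utility>

// Hypothetical stand-in for the OpenSSL RSA object (not the real type).
struct FakeRsa { long n = 0; long e = 0; };

// Test-only fault injection: makes the next allocation fail once.
static bool g_fail_next_alloc = false;

// Same contract as RSA_new(): a new object, or nullptr on failure.
FakeRsa* fake_rsa_new() {
  if (g_fail_next_alloc) { g_fail_next_alloc = false; return nullptr; }
  return new (std::nothrow) FakeRsa();
}

struct RsaDeleter { void operator()(FakeRsa* r) const { delete r; } };
using RsaPointer = std::unique_ptr<FakeRsa, RsaDeleter>;

enum class ImportStatus { kOk, kAllocFailed };

// Hypothetical import routine: the null check sits between the
// allocation and the first use of the pointer.
ImportStatus import_key(long n, long e, RsaPointer* out) {
  RsaPointer rsa(fake_rsa_new());
  if (!rsa) return ImportStatus::kAllocFailed;  // else rsa->n is a null deref
  rsa->n = n;
  rsa->e = e;
  *out = std::move(rsa);
  return ImportStatus::kOk;
}

int main() {
  RsaPointer key;
  bool ok = import_key(3233, 17, &key) == ImportStatus::kOk && key;
  g_fail_next_alloc = true;  // drive the error branch
  RsaPointer none;
  bool failed = import_key(3233, 17, &none) == ImportStatus::kAllocFailed && !none;
  std::printf("success path: %d, failure path: %d\n", ok, failed);
  return (ok && failed) ? 0 : 1;
}
```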

@addaleax addaleax added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Feb 24, 2026
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 24, 2026
@nodejs-github-bot
Collaborator

nodejs-github-bot commented Feb 24, 2026
