Return value of a function 'EVP_PKEY_new' is dereferenced without checking for NULL, but it is usually checked for this function. #37695

Open
suhovv opened this issue Sep 12, 2024 · 1 comment

suhovv commented Sep 12, 2024

File: https://github.com/grpc/grpc/blob/v1.66.1/src/core/lib/security/credentials/jwt/jwt_verifier.cc
Line: 568

The EVP_PKEY_set1_RSA function sets an RSA key into an EVP_PKEY structure. It increments the reference counter of the RSA key, which means that after calling EVP_PKEY_set1_RSA, the rsa object must be freed with RSA_free only once.

result is created with EVP_PKEY_new(), but is not checked for nullptr after creation. However, if creation of result fails, it will be nullptr.

To prevent possible nullptr dereference, it is necessary to add a check for result immediately after its creation.
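
The check requested above, as an added example that is not part of the original issue and is neither gRPC nor OpenSSL code: it uses simplified stand-ins for the OpenSSL objects so the allocation-failure path can be forced and the single-free rule for `rsa` observed. All `model_*` names, `pkey_from_rsa` and `run_case` are hypothetical.

```c
#include <stdlib.h>
/* Simplified stand-ins for OpenSSL's reference-counted RSA and EVP_PKEY.
   Assumption: a model of the semantics the issue describes, not OpenSSL code. */
typedef struct { int refs; } model_rsa;
typedef struct { model_rsa *rsa; } model_pkey;
static int fail_next_pkey_new, live_objects;   /* fault injection, leak counter */

static model_rsa *model_rsa_new(void) {
    model_rsa *r = calloc(1, sizeof *r);
    if (r) { r->refs = 1; live_objects++; }
    return r;
}
static void model_rsa_free(model_rsa *r) {     /* like RSA_free: drops one reference */
    if (r && --r->refs == 0) { free(r); live_objects--; }
}
static model_pkey *model_pkey_new(void) {      /* like EVP_PKEY_new: may return NULL */
    if (fail_next_pkey_new) { fail_next_pkey_new = 0; return NULL; }
    model_pkey *k = calloc(1, sizeof *k);
    if (k) live_objects++;
    return k;
}
static void model_pkey_free(model_pkey *k) {   /* like EVP_PKEY_free: NULL is a no-op */
    if (k) { model_rsa_free(k->rsa); free(k); live_objects--; }
}
static int model_pkey_set1_rsa(model_pkey *k, model_rsa *r) {
    if (!r) return 0;
    k->rsa = r; r->refs++; return 1;   /* dereferences k: caller must have checked it */
}

/* Hypothetical wrapper: check result before use, release rsa once on every path. */
static model_pkey *pkey_from_rsa(model_rsa *rsa) {
    model_pkey *result = model_pkey_new();
    if (result == NULL) {              /* the check the issue asks for */
        model_rsa_free(rsa);
        return NULL;
    }
    if (!model_pkey_set1_rsa(result, rsa)) { model_pkey_free(result); result = NULL; }
    model_rsa_free(rsa);               /* our only free; result holds its own reference */
    return result;
}
/* Builds and frees one key; returns objects still allocated, *built = 1 if a key came back. */
static int run_case(int inject_failure, int *built) {
    fail_next_pkey_new = inject_failure;
    model_pkey *key = pkey_from_rsa(model_rsa_new());
    *built = key != NULL && key->rsa->refs == 1;
    model_pkey_free(key);
    return live_objects;
}
int main(void) { int b; return run_case(0, &b) + run_case(1, &b); }
```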
