From 3ee6e918cb04aad724e15a0e844d1481578c51b2 Mon Sep 17 00:00:00 2001 From: ndossche Date: Thu, 12 Feb 2026 15:14:45 +0100 Subject: [PATCH 1/2] crypto: fix potential null pointer dereference when BIO_meth_new() fails This function can return null, which will make the calls to BIO_meth_set_* trigger a null deref. Even after fixing this, there is an issue with the `BIOPointer::New(GetMethod())` call in `NodeBIO::New` because the `New` method cannot handle a null pointer despite other code already guarding for this (e.g. the `NodeBIO::New` function already checks `bio`). This patch solves the issues by adding more null checks. --- deps/ncrypto/ncrypto.cc | 1 + src/crypto/crypto_bio.cc | 16 +++++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc index 461819ce0fa732..3a26cfbdcab52e 100644 --- a/deps/ncrypto/ncrypto.cc +++ b/deps/ncrypto/ncrypto.cc @@ -1470,6 +1470,7 @@ BIOPointer BIOPointer::NewSecMem() { } BIOPointer BIOPointer::New(const BIO_METHOD* method) { + if (method == nullptr) return {}; return BIOPointer(BIO_new(method)); } diff --git a/src/crypto/crypto_bio.cc b/src/crypto/crypto_bio.cc index f32cb1cff7d41d..350167762664d8 100644 --- a/src/crypto/crypto_bio.cc +++ b/src/crypto/crypto_bio.cc @@ -226,13 +226,15 @@ const BIO_METHOD* NodeBIO::GetMethod() { // Static initialization ensures that this is safe to use concurrently. static const BIO_METHOD* method = [&]() { BIO_METHOD* method = BIO_meth_new(BIO_TYPE_MEM, "node.js SSL buffer"); - BIO_meth_set_write(method, Write); - BIO_meth_set_read(method, Read); - BIO_meth_set_puts(method, Puts); - BIO_meth_set_gets(method, Gets); - BIO_meth_set_ctrl(method, Ctrl); - BIO_meth_set_create(method, New); - BIO_meth_set_destroy(method, Free); + if (method != nullptr) { + BIO_meth_set_write(method, Write); + BIO_meth_set_read(method, Read); + BIO_meth_set_puts(method, Puts); + BIO_meth_set_gets(method, Gets); + BIO_meth_set_ctrl(method, Ctrl); + BIO_meth_set_create(method, New); + BIO_meth_set_destroy(method, Free); + } return method; }(); From 6ffa0127537270733a06e7490d84dc969cd19de9 Mon Sep 17 00:00:00 2001 From: ndossche Date: Thu, 12 Feb 2026 17:02:20 +0100 Subject: [PATCH 2/2] fixup! Use CHECK_NOT_NULL() --- src/crypto/crypto_bio.cc | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/crypto/crypto_bio.cc b/src/crypto/crypto_bio.cc index 350167762664d8..cdf87c322afd9c 100644 --- a/src/crypto/crypto_bio.cc +++ b/src/crypto/crypto_bio.cc @@ -226,15 +226,14 @@ const BIO_METHOD* NodeBIO::GetMethod() { // Static initialization ensures that this is safe to use concurrently. static const BIO_METHOD* method = [&]() { BIO_METHOD* method = BIO_meth_new(BIO_TYPE_MEM, "node.js SSL buffer"); - if (method != nullptr) { - BIO_meth_set_write(method, Write); - BIO_meth_set_read(method, Read); - BIO_meth_set_puts(method, Puts); - BIO_meth_set_gets(method, Gets); - BIO_meth_set_ctrl(method, Ctrl); - BIO_meth_set_create(method, New); - BIO_meth_set_destroy(method, Free); - } + CHECK_NOT_NULL(method); + BIO_meth_set_write(method, Write); + BIO_meth_set_read(method, Read); + BIO_meth_set_puts(method, Puts); + BIO_meth_set_gets(method, Gets); + BIO_meth_set_ctrl(method, Ctrl); + BIO_meth_set_create(method, New); + BIO_meth_set_destroy(method, Free); return method; }();