From 00b4cf839091e3d0b3de8caa6a4d98633c7b4953 Mon Sep 17 00:00:00 2001 From: ndossche Date: Thu, 19 Feb 2026 16:46:15 +0100 Subject: [PATCH] crypto: fix missing nullptr check on RSA_new() Not checking this can cause a null deref. Since there is already a null check at the bottom of the function with `NewRSA()`. --- src/crypto/crypto_rsa.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc index e7546cec4c1123..4347bf4efb5406 100644 --- a/src/crypto/crypto_rsa.cc +++ b/src/crypto/crypto_rsa.cc @@ -385,6 +385,8 @@ KeyObjectData ImportJWKRsaKey(Environment* env, KeyType type = d_value->IsString() ? kKeyTypePrivate : kKeyTypePublic; RSAPointer rsa(RSA_new()); + if (!rsa) return {}; + ncrypto::Rsa rsa_view(rsa.get()); ByteSource n = ByteSource::FromEncodedString(env, n_value.As());