Skip to content
This repository has been archived by the owner on May 24, 2023. It is now read-only.

Nil pointer dereference on KeyRefreshUnknownKID #75

Open
elffjs opened this issue Dec 15, 2021 · 2 comments
Open

Nil pointer dereference on KeyRefreshUnknownKID #75

elffjs opened this issue Dec 15, 2021 · 2 comments

Comments

@elffjs
Copy link

elffjs commented Dec 15, 2021
edited
Loading

The README mentions that the config property KeyRefreshUnknownKID is a boolean defaulting to false, but in code the field on Config has type *bool and is referenced in exactly one place, inside of KeySet.getKey:

	jsonKey, ok = j.Keys[kid]
	j.mux.RUnlock()

	// Check if the key was present.
	if !ok {
		// Check to see if configured to refresh on unknown kid.
		if *j.Config.KeyRefreshUnknownKID {

Thus, if you don't specify a non-nil value for this property and you reach this line because you did provide a value for KeySetURL, your program will panic. I believe we've seen this in testing.

What we could do, and what seems in line with the use of other pointer-valued config properties in this file, is change the conditional to

		if j.Config.KeyRefreshUnknownKID != nil && *j.Config.KeyRefreshUnknownKID {
@MicahParks
Copy link
Contributor

MicahParks commented Aug 28, 2022
edited
Loading

Please note that this snippet is due to some copied code from github.com/MicahParks/keyfunc. It's pretty old and there has since been a v1.X.X release which fixes a few bugs.

See this relevant issue: #73

@MicahParks MicahParks mentioned this issue Apr 20, 2023
Closed
@MicahParks
Copy link
Contributor

This should be fixed with #129

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MicahParks @elffjs