fix: correct duplicate NULL check in oqsx_get_hybrid_params() (GHSA-mqwg-cg22-g8r8) #767

Merged: baentsch merged 3 commits into open-quantum-safe:main from iiviel:fix/oqs-kmgmt-copypaste-null-check on Apr 13, 2026

@iiviel
Contributor

@iiviel iiviel commented Apr 11, 2026

Fixes the copy-paste NULL check bug at oqs_kmgmt.c:412. Replaces duplicate key->comp_privkey != NULL check with correct key->privkey != NULL check. Submitted per request in GHSA-mqwg-cg22-g8r8.

@iiviel iiviel force-pushed the fix/oqs-kmgmt-copypaste-null-check branch from 4009d01 to 222e765, April 11, 2026 01:56
@RodriM11
Member

Hi @iiviel ! I have seen that in this PR you have duplicated the code of #766 regarding signatures. Would you mind fixing that?

Aside from that, the correction LGTM. Would you mind adding a new test / expanding an existing one to test the behavior under which you reproduced the error, so we can have that verified?

@iiviel iiviel force-pushed the fix/oqs-kmgmt-copypaste-null-check branch 6 times, most recently from 4393c75 to dfda7b9, April 12, 2026 07:23
…qwg-cg22-g8r8)

Replace duplicate comp_privkey != NULL check with correct privkey != NULL
check at oqs_kmgmt.c:412. The copy-paste error allowed the code to proceed
with a dangling comp_privkey pointer when privkey had been freed, causing
a use-after-free (CWE-416) readable via EVP_PKEY_get_params().

Signed-off-by: Eva Crystal <0xiviel@gmail.com>
@iiviel iiviel force-pushed the fix/oqs-kmgmt-copypaste-null-check branch from dfda7b9 to ab2df93, April 12, 2026 07:25
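
The guard pattern named in the commit message above, shown as an added example that is not part of this PR or of the oqs-provider source. The `demo_key` struct, the buffer sizes and the helper `guard_result()` are assumptions made for illustration; only the field names `privkey` and `comp_privkey` come from the page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified layout (not the oqs-provider struct): privkey owns
 * one buffer, and comp_privkey[i] are pointers into that same buffer. */
typedef struct {
    unsigned char *privkey;
    unsigned char **comp_privkey;
} demo_key;

/* Pattern from the commit message: the same field is tested twice, so the
 * state of privkey is never examined. */
static int guard_before_fix(const demo_key *k) {
    return k->comp_privkey != NULL && k->comp_privkey != NULL;
}

/* Corrected guard: the owning buffer and the component table must both exist. */
static int guard_after_fix(const demo_key *k) {
    return k->privkey != NULL && k->comp_privkey != NULL;
}

/* Builds a constructed key, optionally releases privkey while leaving the
 * component table in place (the stale state), and reports whether the guard
 * would let a reader go on to use comp_privkey[0].
 * Returns 1 = proceed, 0 = refuse, -1 = allocation failure. */
static int guard_result(int (*guard)(const demo_key *), int release_privkey) {
    demo_key k;
    unsigned char *table[2];
    int verdict;
    k.privkey = calloc(1, 64);
    if (k.privkey == NULL)
        return -1;
    table[0] = k.privkey;      /* classical component (constructed size) */
    table[1] = k.privkey + 32; /* post-quantum component (constructed size) */
    k.comp_privkey = table;
    if (release_privkey) {
        free(k.privkey);
        k.privkey = NULL; /* table entries now dangle; never dereferenced here */
    }
    verdict = guard(&k);
    free(k.privkey);
    return verdict;
}

int main(void) {
    printf("stale key, guard before fix: %d\n", guard_result(guard_before_fix, 1));
    printf("stale key, guard after fix:  %d\n", guard_result(guard_after_fix, 1));
    return 0;
}
```

Both guards agree on a key whose private buffer is still allocated; they differ only in the stale state, which is why a regression test has to construct that state explicitly.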
@iiviel
Contributor Author

iiviel commented Apr 12, 2026

@RodriM11 Removed the duplicated #766 code and added a regression test in oqs_test_evp_pkey_params.c that imports a hybrid sig key with public key only and calls oqsx_get_hybrid_params() - before the fix this would crash due to the duplicate NULL check. DCO checks pass.

@RodriM11
Member

Thanks for the addition @iiviel ! Same as the other PR. Please see the formatting errors. To ensure the code added is consistent with the expected format, see here.

Thank you in advance for your help!

Signed-off-by: Eva Crystal <0xiviel@gmail.com>
@iiviel
Contributor Author

iiviel commented Apr 12, 2026

Hi @RodriM11! I've applied the LLVM formatting. Please let me know if anything else is needed!

@RodriM11
Member

Hi @iiviel ! Same comment as in here.

…capabilities.c

Signed-off-by: Eva Crystal <0xiviel@gmail.com>
@iiviel
Contributor Author

iiviel commented Apr 13, 2026

Hi @RodriM11, reverted the unintended changes in oqsprov.c and oqsprov_capabilities.c. Should be good now!

@RodriM11
Member

Changes LGTM. Thanks for the contribution @iiviel !

@baentsch baentsch merged commit bbb20fb into open-quantum-safe:main Apr 13, 2026
30 checks passed