Fix nil pointer dereference in license validation (#34116)

Add nil check after pem.Decode() to prevent crash when public key PEM data is corrupted or invalid. This fixes a panic at license.go:86 that occurred when block was nil. Also add test case to verify the fix handles corrupted public keys gracefully without panicking.
2026-05-28 04:35:04 -04:00 · 2025-10-15 11:03:20 -03:00 · 2025-10-15 11:03:20 -03:00 · 366d057a48
commit 366d057a48
parent abbf01b9db
2 changed files with 20 additions and 0 deletions
--- a/server/channels/utils/license.go
+++ b/server/channels/utils/license.go
@ -82,6 +82,9 @@ func (l *LicenseValidatorImpl) ValidateLicense(signed []byte) (string, error) {
 		publicKey = testPublicKey
 	}
 	block, _ := pem.Decode(publicKey)
+	if block == nil {
+		return "", fmt.Errorf("failed to decode public key PEM block for environment %q", model.GetServiceEnvironment())
+	}

 	public, err := x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
--- a/server/channels/utils/license_test.go
+++ b/server/channels/utils/license_test.go
@ -92,6 +92,23 @@ func TestValidateLicense(t *testing.T) {
 		require.Error(t, err)
 		require.Empty(t, str)
 	})
+
+	t.Run("should handle corrupted public key without panicking", func(t *testing.T) {
+		os.Setenv("MM_SERVICEENVIRONMENT", model.ServiceEnvironmentTest)
+		defer os.Unsetenv("MM_SERVICEENVIRONMENT")
+
+		mockValidator := &LicenseValidatorImpl{}
+
+		originalTestKey := testPublicKey
+		defer func() { testPublicKey = originalTestKey }()
+
+		testPublicKey = []byte("not a valid PEM block")
+
+		str, err := mockValidator.ValidateLicense(validTestLicense)
+		require.Error(t, err)
+		require.Empty(t, str)
+		require.Contains(t, err.Error(), "failed to decode public key PEM block")
+	})
 }

 func TestGetLicenseFileLocation(t *testing.T) {