From 366d057a48e034e381a16dcd10027d9c0edfc522 Mon Sep 17 00:00:00 2001
From: Jesse Hallam
Date: Wed, 15 Oct 2025 11:03:20 -0300
Subject: [PATCH] Fix nil pointer dereference in license validation (#34116)

Add nil check after pem.Decode() to prevent crash when public key PEM data is corrupted or invalid. This fixes a panic at license.go:86 that occurred when block was nil. Also add test case to verify the fix handles corrupted public keys gracefully without panicking.
---
 server/channels/utils/license.go | 3 +++
 server/channels/utils/license_test.go | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/server/channels/utils/license.go b/server/channels/utils/license.go
index 0f873e0ebf9..d4f97410bad 100644
--- a/server/channels/utils/license.go
+++ b/server/channels/utils/license.go
@@ -82,6 +82,9 @@ func (l *LicenseValidatorImpl) ValidateLicense(signed []byte) (string, error) {
 publicKey = testPublicKey
 }
 block, _ := pem.Decode(publicKey)
+ if block == nil {
+ return "", fmt.Errorf("failed to decode public key PEM block for environment %q", model.GetServiceEnvironment())
+ }
 
 public, err := x509.ParsePKIXPublicKey(block.Bytes)
 if err != nil {
diff --git a/server/channels/utils/license_test.go b/server/channels/utils/license_test.go
index 87cfa817db6..72cb283a92e 100644
--- a/server/channels/utils/license_test.go
+++ b/server/channels/utils/license_test.go
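Review bot: In license.go's ValidateLicense, the added guard rejects a nil block but never looks at `block.Type`, so a PEM block of any kind is handed to x509.ParsePKIXPublicKey and is turned away only if its bytes fail to parse. This key is what the license signature is verified against, so I would make the guard explicit with `if block == nil || block.Type != "PUBLIC KEY" {`, assuming the embedded keys carry the standard PKIX label, which this hunk does not show. The second return value of pem.Decode is still discarded, so anything following the first block in the key material is silently ignored; a one-line comment saying that is intended would help. ValidateLicense starts and ends outside the hunk, so how the parsed key is used further down is not covered here.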
@@ -92,6 +92,23 @@ func TestValidateLicense(t *testing.T) {
 require.Error(t, err)
 require.Empty(t, str)
 })
+
+ t.Run("should handle corrupted public key without panicking", func(t *testing.T) {
+ os.Setenv("MM_SERVICEENVIRONMENT", model.ServiceEnvironmentTest)
+ defer os.Unsetenv("MM_SERVICEENVIRONMENT")
+
+ mockValidator := &LicenseValidatorImpl{}
+
+ originalTestKey := testPublicKey
+ defer func() { testPublicKey = originalTestKey }()
+
+ testPublicKey = []byte("not a valid PEM block")
+
+ str, err := mockValidator.ValidateLicense(validTestLicense)
+ require.Error(t, err)
+ require.Empty(t, str)
+ require.Contains(t, err.Error(), "failed to decode public key PEM block")
+ })
 }
 
 func TestGetLicenseFileLocation(t *testing.T) {
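Review bot: In the new subtest, `defer os.Unsetenv("MM_SERVICEENVIRONMENT")` removes the variable outright instead of restoring whatever value it had before, so a value set by the harness or an earlier test is lost; `t.Setenv("MM_SERVICEENVIRONMENT", model.ServiceEnvironmentTest)` replaces both lines and restores the old value on cleanup. t.Setenv also refuses to run in a parallel test, which is the right constraint here because the subtest overwrites the package-level testPublicKey and would otherwise race with any test validating a license at the same time. The name `mockValidator` is misleading, since it holds the real LicenseValidatorImpl; `validator` would read better. TestValidateLicense begins above the hunk.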