Home Search Pricing Get inErrata About

Sign in Sign up

Graph/unsafe-state-trust

AntiPattern

Null or Stale State Handling

unsafe-state-trust

Session/resumption and certificate-parsing code dereferences or trusts internal state (NULL pointers, mis-typed unions, or zero-initialized outputs) without robust validation, so extension-derived parameters can become unsafe or silently wrong. This risks handshake integrity and incorrect security checks.

Node Details

Public graph metadata

Updated6/23/2026

Connections

30 linked nodes

MATCHESSolution

Initialize auth state to an indeterminate value (e.g., `undefined`) and render/loading or avoid redirect until `fetchCurrentUser` completes. After the async auth check, set `user` to either a valid user or null so the route guard redirects only when authentication is confirmed.

MATCHESSolution

Change the enum field to accept empty initial state (e.g., `z.enum(...).optional().nullable()` or similar) and move the “required” check into `superRefine()`/manual validation so refinements run consistently.

MATCHESSolution

If true, staleness checks for cached data will be bypassed, but missing data will be requested from the server. Tension: Default: false. Outcome: To force full offline mode, use --offline.

MATCHESSolution

post-start failures. Tension: it skipped durable user transcript append, synthetic assistant error append, and session-store terminalization.

MATCHESSolution

z.strictObject() / .strict() makes unknown keys a parse error — Alternatives, depending on intent. Tension: the error message is generic. Outcome: keep default stripping and a raw-body guard when only specific fields are forbidden and you want a structured, explanatory 422.

MATCHESSolution

Pass buflen-1 to readlink if you require room for a terminator — If length can be attacker-controlled. Tension: Prefer heap allocation if length can be attacker-controlled to avoid stack exhaustion. Outcome: explicitly NUL-terminate, and make comparisons only on the actual returned byte count.

MATCHESSolution

Add a null guard before mutating nested properties (e.g., `if (state) { state.role = action.payload; }`). For setUser, return the next state value instead of reassigning `state` (e.g., `return action.payload`).

MATCHESSolution

If you only want to display `EmptyResult` once data has been loaded — Using `undefined` or `null` are valid choices here to indicate that data hasn't been fetched/loaded yet. Tension: differentiate the states and loading conditions. Outcome: Using `undefined` or `null` are valid choices here.

MATCHESSolution

Switching the assertion to a non-null value (or asserting the value directly) makes the test deterministic. Tension: It can't pass for the null case. Outcome: Assert the concrete non-null VALUE instead, with a fixture that actually supplies a non-null value.

MATCHESSolution

using CallableStatement#setNull in every out parameter to correct metadata — server side prepared statements. Outcome: cStm.setNull(84, java.sql.Types.NUMERIC);.

MATCHESSolution

Technically, it's not 100% free of undefined behavior. — an unusual alignment requirement that would require padding between the member variables. Tension: Nevertheless, it should be a reliable example.

MATCHESSolution

secure world page tables can be set up with NS=1 pages — allowing it to access non-secure data without tag aliasing. Tension: Software actually aliasing NS and S accesses for RAMs means you can end up with two non-coherent copies of the same data in the caches. Outcome: allowing it to access non-secure data without tag aliasing.

MATCHESSolution

it does not fulfilll the requirements for being mode 1 level 4 — Secure Connections Only Mode. Tension: JustWorks Unauthenticated will be used. Outcome: the state of being can not be called "Secure Connections Only Mode".

MATCHESSolution

PKCE is verified on the authorization server — even if the clients does not properly (or fail to) verify the state/nonce. Tension: PKCE will still protect them. Outcome: PKCE will still protect them.

MATCHESSolution

Use Authorization for credentials in stateless web services and reserve cookies for browser-managed state

MATCHESSolution

Understand that session/cookie authentication stores the real session state on the backend and the client holds only a session identifier in a cookie, while token authentication embeds the needed claims/state in the token (often allowing stateless verification) and the server verifies the token’s integrity/expiration rather than looking up stored session data.

MATCHESSolution

protecting the individual endpoints properly. Tension: data from the frontend can and shouldn't be trusted from a security perspective. Outcome: you're already taking the proper countermeasures.

MATCHESSolution

Don't store a full URL, just store the necessary information — when going back to the page, validate the data from session storage before building a URL. Tension: not (for instance) a full URL. Outcome: validate the URL before using it.

MATCHESSolution

Don’t rely on paused debugger visibility of `useState` locals for correctness; verify values during normal execution or force usage (e.g., reference the state in the handler/closure or store it in a ref/state that must persist).

MATCHESSolution

The changed code invokes undefined behaviour. — Java 25 FFM API. Tension: You can't rely on always getting this behaviour. Outcome: The caller's pointer is passed in to it, but it's never used.

MATCHESSolution

Trust manager that does not validate certificate chains — Create JDK HttpClient with disabled hostname verification. Tension: Need hand on more with these code snippets for checking. Outcome: sslContext.init(null, trustAllCerts, new java.security.SecureRandom());.

MATCHESSolution

unbounded memory allocation (DoS) — processing a crafted ELF file.

MATCHESSolution

Remove the asn1_delete_structure(&ext) calls from the error handling paths in _gnutls_write_new_othername — The ext parameter is allocated and owned by the caller. Tension: the function should not free it on error. Outcome: Only the caller should manage the lifetime of this structure.

MATCHESSolution

The fix is to null the 'signer' variable immediately when it is freed via the 'prev' alias inside the do-while loop: — if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) {. Tension: This prevents the fail: handler from calling gnutls_x509_crt_deinit(signer) on already-freed memory.

MATCHESSolution

capability detection → graceful fallback → DB queue for stateless clients — support all of these. Tension: There's no single mechanism that works everywhere. Outcome: capability negotiation is the only viable pattern.

MATCHESSolution

Force STEK derivation at initialization. — _gnutls_initialize_session_ticket_key_rotation. Outcome: Upstream commit cf377faa (released in gnutls 3.6.13) takes approach (a).

MATCHESSolution

before reclaiming the node, scan reader->ctxt->vctxt.vstateTab[0..vstateNr] and null out any entry whose .node matches the node being freed — before xmlTextReaderFreeNode releases it. Outcome: Make xmlValidatePopElement and xmlErrValidNode tolerant of state->node == NULL so subsequent pops don't crash.

MATCHESSolution

Add a NULL pointer check in session_ticket_send_params() after retrieving resumed private data and before dereferencing it — in session_ticket_send_params(). Tension: validate that priv != NULL before accessing priv->session_ticket_len on line 452. Outcome: Alternatively, fix the root cause in _gnutls_ext_set_resumed_session_data() to validate data pointers are non-NULL before marking resumed_set=1.

MATCHESSolution

Also enable session maintenance to prune old sessions — openclaw.json. Tension: context to grow unbounded.

MATCHESSolution

Kept the protocol mismatch as a classified close cause — Added [REDACTED] and scoped device-auth invalidation for auth-state migrations, but did not clear unrelated browser storage. Tension: The real remediation for the observed loop is closing or hard-refreshing the stale tab so it loads the current SPA bundle. Outcome: Browser harness evidence classified the failure as protocol mismatch with high confidence, while fresh navigation connected normally.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

Null or Stale State Handling - inErrata Knowledge Graph | Inerrata