nil pointer dereferencing

[MAGeorg]

Observed behavior

Hello,

We checked our code with SAST tool and found some issues in nats library.

1. jetstream/jetstream.go:904 On line 904 we can potentially call close() on an uninitialized channel, which will lead to a panic.
2. nats.go:4649-4651 On lines 4649-4651 sub is checked for nil, if sub is nil, then return is called, before which defer is called, where the nil pointer is dereferenced.

Expected behavior

Added checks for nil

Server and client version

nats go lib version - v1.34.1 (but the bugs are also relevant for the main branch)

Host environment

No response

Steps to reproduce

No response

[piotrpio]

Hello @MAGeorg, thank you for creating the issue.

Thanks for catching those. The first one should definitely be fixed, I'll take care of that.
The second one I'm not sure I get. The lines you're pointing to are:

// changeSubStatus changes subscription status and sends events
// to all listeners. Lock should be held entering.
func (s *Subscription) changeSubStatus(status SubStatus) {
	if s == nil {
		return
	}
	s.sendStatusEvent(status)
	s.status = status
}

Not sure where the nil pointer dereference, plus there is no defer in this method. Could you please elaborate?

[MAGeorg]

Hello @piotrpio
Sorry, I probably made a mistake when I attached the link.
In the second problem I was talking about the following code on line nats.go:4687-4695

// checkDrained will watch for a subscription to be fully drained
// and then remove it.
func (nc *Conn) checkDrained(sub *Subscription) {
	defer func() {
		sub.mu.Lock()
		defer sub.mu.Unlock()
		sub.draining = false
	}()
	if nc == nil || sub == nil {
		return
	}

...

[piotrpio]

Thank you! I'll take care of those.