Preface: SAML 2.0 implementation for Service Providers based on etree and goxmldsig, a pure Go implementation of XML digital signatures.
Background: In Go, "nil" is the zero value for pointers, interfaces, channels, maps, slices and function types.
Vulnerability Details: A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Reference: When Go initializes a pointer i, it sets i to nil. The value of i is the address of *i, so while i is nil the system has not assigned an address to *i, and assigning to *i at that point fails.
Remedy: No official announcement has been made yet. Could similar syntax be applied as a short-term remediation of this design weakness? The gosaml2 package encountered a similar technical issue (nil pointer dereference) on Aug 14, 2019. For more details, please refer to the diagram.
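The nil check that the Reference and Remedy notes describe, as an added Go sketch that is not code from goxmldsig or gosaml2. `Element`, `Find` and both lookup functions are hypothetical stand-ins, and the input document is constructed.

```go
package main

import "fmt"

// Element is a hypothetical minimal XML node (not the etree or goxmldsig type).
type Element struct {
	Tag, Text string
	Children  []*Element
}

// Find returns the first direct child named tag, or nil when there is none.
func (e *Element) Find(tag string) *Element {
	for _, c := range e.Children {
		if c.Tag == tag {
			return c
		}
	}
	return nil
}

// UnsafeSignatureValue chains lookups: a missing <Signature> makes Find return
// nil and the next call dereferences it. recover is here only to report that.
func UnsafeSignatureValue(resp *Element) (val string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	return resp.Find("Signature").Find("SignatureValue").Text, nil
}

// SafeSignatureValue checks each pointer for nil before dereferencing it.
func SafeSignatureValue(node *Element) (string, error) {
	if node == nil {
		return "", fmt.Errorf("nil document")
	}
	for _, tag := range []string{"Signature", "SignatureValue"} {
		if node = node.Find(tag); node == nil {
			return "", fmt.Errorf("missing <%s> element", tag)
		}
	}
	return node.Text, nil
}

func main() {
	unsigned := &Element{Tag: "Response"} // constructed input, no <Signature>
	_, e1 := UnsafeSignatureValue(unsigned)
	_, e2 := SafeSignatureValue(unsigned)
	fmt.Println("unsafe:", e1, "| safe:", e2)
}
```

In a service that parses untrusted XML, the unguarded form turns a malformed document into a process crash, while the guarded form returns an error the caller can reject.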