diff options
| author | Anna Henningsen <anna@addaleax.net> | 2019-01-14 12:08:55 +0100 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2019-01-21 20:18:14 +0100 |
| commit | e888f667f5acae55b4604e101f0570e08da8236a (patch) | |
| tree | e0b7a68b1e1e62dd2bc646fc3eaed41a51d8e63a /src/node_buffer.cc | |
| parent | 9e9890a8ff949ca9f735fb2d4251c8449b0bd2c0 (diff) | |
| download | android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.gz android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.bz2 android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.zip | |
tls: do not free cert in `.getCertificate()`
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.
Therefore, using a smart pointer to take ownership is incorrect.
Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs-private/security/issues/217
PR-URL: https://github.com/nodejs/node/pull/25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'src/node_buffer.cc')
0 files changed, 0 insertions, 0 deletions