diff options
| author | Anna Henningsen <anna@addaleax.net> | 2019-01-14 12:08:55 +0100 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2019-01-21 20:18:14 +0100 |
| commit | e888f667f5acae55b4604e101f0570e08da8236a (patch) | |
| tree | e0b7a68b1e1e62dd2bc646fc3eaed41a51d8e63a /src/node_crypto.cc | |
| parent | 9e9890a8ff949ca9f735fb2d4251c8449b0bd2c0 (diff) | |
| download | android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.gz android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.bz2 android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.zip | |
tls: do not free cert in `.getCertificate()`
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.
Therefore, using a smart pointer to take ownership is incorrect.
Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs-private/security/issues/217
PR-URL: https://github.com/nodejs/node/pull/25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'src/node_crypto.cc')
| -rw-r--r-- | src/node_crypto.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 920869a2f2..3ff9548487 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1962,10 +1962,10 @@ void SSLWrap<Base>::GetCertificate( Local<Object> result; - X509Pointer cert(SSL_get_certificate(w->ssl_.get())); + X509* cert = SSL_get_certificate(w->ssl_.get()); - if (cert) - result = X509ToObject(env, cert.get()); + if (cert != nullptr) + result = X509ToObject(env, cert); args.GetReturnValue().Set(result); } |