diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-01-14 12:08:55 +0100 |
---|---|---|
committer | Anna Henningsen <anna@addaleax.net> | 2019-01-21 20:18:14 +0100 |
commit | e888f667f5acae55b4604e101f0570e08da8236a (patch) | |
tree | e0b7a68b1e1e62dd2bc646fc3eaed41a51d8e63a /test/parallel | |
parent | 9e9890a8ff949ca9f735fb2d4251c8449b0bd2c0 (diff) | |
download | android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.gz android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.tar.bz2 android-node-v8-e888f667f5acae55b4604e101f0570e08da8236a.zip |
tls: do not free cert in `.getCertificate()`
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.
Therefore, using a smart pointer to take ownership is incorrect.
Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: https://github.com/nodejs/node/pull/24261
Fixes: https://github.com/nodejs-private/security/issues/217
PR-URL: https://github.com/nodejs/node/pull/25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'test/parallel')
-rw-r--r-- | test/parallel/test-tls-pfx-authorizationerror.js | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/test/parallel/test-tls-pfx-authorizationerror.js b/test/parallel/test-tls-pfx-authorizationerror.js index 6daf89dff0..5105a60dac 100644 --- a/test/parallel/test-tls-pfx-authorizationerror.js +++ b/test/parallel/test-tls-pfx-authorizationerror.js @@ -37,8 +37,13 @@ const server = tls rejectUnauthorized: false }, function() { - assert.strictEqual(client.getCertificate().serialNumber, - 'ECC9B856270DA9A8'); + for (let i = 0; i < 10; ++i) { + // Calling this repeatedly is a regression test that verifies + // that .getCertificate() does not accidentally decrease the + // reference count of the X509* certificate on the native side. + assert.strictEqual(client.getCertificate().serialNumber, + 'ECC9B856270DA9A8'); + } client.end(); server.close(); } |