Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: do not free cert in .getCertificate() #25490

Closed
wants to merge 1 commit into from
Closed

tls: do not free cert in .getCertificate() #25490

wants to merge 1 commit into from

Conversation

addaleax
Copy link
Member

The documentation of SSL_get_certificate states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: #24261

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@addaleax
tls: do not free cert in .getCertificate()
7611f1b 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: nodejs#24261
Fixes: https://github.com/nodejs-private/security/issues/217
@nodejs-github-bot
Copy link
Collaborator

@addaleax sadly an error occured when I tried to trigger a build :(

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Jan 14, 2019
@addaleax addaleax mentioned this pull request Jan 14, 2019
Closed
4 tasks
@addaleax addaleax added the tls Issues and PRs related to the tls subsystem. label Jan 14, 2019
@addaleax
Copy link
Member Author

CI: https://ci.nodejs.org/job/node-test-pull-request/20103/

@addaleax
Copy link
Member Author

Resume CI: https://ci.nodejs.org/job/node-test-pull-request/20117/

@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 14, 2019
This was referenced Jan 16, 2019
Closed
Closed
@addaleax
Copy link
Member Author

Resume CI again: https://ci.nodejs.org/job/node-test-pull-request/20229/

@addaleax
Copy link
Member Author

Landed in e888f66

@addaleax addaleax closed this Jan 21, 2019
@addaleax addaleax deleted the get-certificate-nofree branch January 21, 2019 19:27
addaleax added a commit that referenced this pull request Jan 21, 2019
@addaleax
tls: do not free cert in .getCertificate()
e888f66 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: #24261
Fixes: https://github.com/nodejs-private/security/issues/217

PR-URL: #25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
addaleax added a commit that referenced this pull request Jan 23, 2019
@addaleax
tls: do not free cert in .getCertificate()
c3409f5 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: #24261
Fixes: https://github.com/nodejs-private/security/issues/217

PR-URL: #25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@MylesBorins MylesBorins mentioned this pull request Jan 24, 2019
Merged
zcbenz pushed a commit to electron/node that referenced this pull request Mar 27, 2019
@addaleax @zcbenz
tls: do not free cert in .getCertificate()
afbc0fd 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: nodejs/node#24261
Fixes: https://github.com/nodejs-private/security/issues/217

PR-URL: nodejs/node#25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sam-github pushed a commit to sam-github/node that referenced this pull request Apr 29, 2019
@addaleax @sam-github
tls: do not free cert in .getCertificate()
8c7406f 
The documentation of `SSL_get_certificate` states that it returns
an internal pointer that must not be freed by the caller.

Therefore, using a smart pointer to take ownership is incorrect.

Refs: https://man.openbsd.org/SSL_get_certificate.3
Refs: nodejs#24261
Fixes: https://github.com/nodejs-private/security/issues/217

PR-URL: nodejs#25490
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This was referenced Aug 9, 2020
Open
Open
Open
This was referenced Aug 10, 2020
Open
Open
Open
Merged
@snyk-bot snyk-bot mentioned this pull request Oct 29, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sam-github sam-github sam-github approved these changes

@danbev danbev danbev approved these changes

@jasnell jasnell jasnell approved these changes

@lpinca lpinca lpinca approved these changes

@cjihrig cjihrig cjihrig approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@addaleax @nodejs-github-bot @sam-github @danbev @jasnell @lpinca @cjihrig