diff options
author | Rich Trott <rtrott@gmail.com> | 2017-01-14 01:28:35 +0300 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2017-01-17 07:32:23 +0300 |
commit | 56950674d6f56e1577df2affcf884619d91fa0bf (patch) | |
tree | 08c0b25e6b2a90d31251c16d2f4c7ead57803913 /lib | |
parent | 38ae95bb0c0c002b7b04040b0aa060e00b760cdd (diff) |
crypto,tls: fix mutability of return values
If you alter the array returned by `tls.getCiphers()`,
`crypto.getCiphers()`, `crypto.getHashes()`, or `crypto.getCurves()`, it
will alter subsequent return values from those functions.
```js
'use strict';
const crypto = require('crypto');
var hashes = crypto.getHashes();
hashes.splice(0, hashes.length);
hashes.push('some-arbitrary-value');
console.log(crypto.getHashes()); // "['some-arbitrary-value']"
```
This is surprising. Change functions to return copy of array instead.
PR-URL: https://github.com/nodejs/node/pull/10795
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/internal/util.js | 2 | ||||
-rw-r--r-- | lib/tls.js | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/internal/util.js b/lib/internal/util.js index b7facfbbbfd..5384d59fc58 100644 --- a/lib/internal/util.js +++ b/lib/internal/util.js @@ -158,7 +158,7 @@ exports.cachedResult = function cachedResult(fn) { return () => { if (result === undefined) result = fn(); - return result; + return result.slice(); }; }; diff --git a/lib/tls.js b/lib/tls.js index 32c0319754b..56da56029fc 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -22,9 +22,9 @@ exports.DEFAULT_CIPHERS = exports.DEFAULT_ECDH_CURVE = 'prime256v1'; -exports.getCiphers = internalUtil.cachedResult(() => { - return internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true); -}); +exports.getCiphers = internalUtil.cachedResult( + () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true) +); // Convert protocols array into valid OpenSSL protocols list // ("\x06spdy/2\x08http/1.1\x08http/1.0") |