From 56950674d6f56e1577df2affcf884619d91fa0bf Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Fri, 13 Jan 2017 14:28:35 -0800
Subject: crypto,tls: fix mutability of return values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If you alter the array returned by `tls.getCiphers()`,
`crypto.getCiphers()`, `crypto.getHashes()`, or `crypto.getCurves()`, it
will alter subsequent return values from those functions.

```js
'use strict';

const crypto = require('crypto');

var hashes = crypto.getHashes();

hashes.splice(0, hashes.length);

hashes.push('some-arbitrary-value');

console.log(crypto.getHashes()); // "['some-arbitrary-value']"
```

This is surprising. Change functions to return copy of array instead.

PR-URL: https://github.com/nodejs/node/pull/10795
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
---
 lib/tls.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/tls.js')

diff --git a/lib/tls.js b/lib/tls.js
index 32c0319754b..56da56029fc 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -22,9 +22,9 @@ exports.DEFAULT_CIPHERS =
 
 exports.DEFAULT_ECDH_CURVE = 'prime256v1';
 
-exports.getCiphers = internalUtil.cachedResult(() => {
-  return internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true);
-});
+exports.getCiphers = internalUtil.cachedResult(
+  () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
+);
 
 // Convert protocols array into valid OpenSSL protocols list
 // ("\x06spdy/2\x08http/1.1\x08http/1.0")
-- 
cgit v1.2.3