Handle JS getter exceptions in GetSSLCtx

pimterry · pimterry · commit e37890620fa3 · 2026-03-15T18:20:56.000+01:00
diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
@@ -2447,6 +2447,9 @@ NODE_EXTERN SSL_CTX* GetSSLCtx(Local<Context> context, Local<Value> value) {
   Environment* env = Environment::GetCurrent(context);
   if (env == nullptr) return nullptr;
 
+  // TryCatchto swallow any exceptions from Get() (e.g. failing getters)
+  v8::TryCatch try_catch(env->isolate());
+
   // Unwrap the .context property from the JS SecureContext wrapper
   // (as returned by tls.createSecureContext()).
   if (value->IsObject()) {
diff --git a/test/addons/openssl-get-ssl-ctx/test.js b/test/addons/openssl-get-ssl-ctx/test.js
@@ -38,3 +38,12 @@ const binding = require(`./build/${common.buildType}/binding`);
 {
   assert.strictEqual(binding.getSSLCtxInvalid({ context: 'not a context' }), true);
 }
+
+// Test 7: An object with a throwing .context getter should return nullptr
+// without propagating the exception.
+{
+  const obj = {
+    get context() { throw new Error('getter threw'); },
+  };
+  assert.strictEqual(binding.getSSLCtxInvalid(obj), true);
+}

Original file line number	Diff line number	Diff line change
@@ -38,3 +38,12 @@ const binding = require(`./build/${common.buildType}/binding`);
`38`	`38`	`{`
`39`	`39`	`assert.strictEqual(binding.getSSLCtxInvalid({ context: 'not a context' }), true);`
`40`	`40`	`}`
	`41`	`+`
	`42`	`+// Test 7: An object with a throwing .context getter should return nullptr`
	`43`	`+// without propagating the exception.`
	`44`	`+{`
	`45`	`+ const obj = {`
	`46`	`+ get context() { throw new Error('getter threw'); },`
	`47`	`+ };`
	`48`	`+ assert.strictEqual(binding.getSSLCtxInvalid(obj), true);`
	`49`	`+}`