From 9da6f80c84de498dbad5c5f6e65499e923f309e1 Mon Sep 17 00:00:00 2001
From: om-ghante
Date: Wed, 15 Apr 2026 04:04:08 +0530
Subject: [PATCH] crypto: fix use-after-free risk in ManagedX509 assignment
Fixes a potential double-free issue where ManagedX509::operator= resets the underlying smart pointer using a raw pointer from another instance before incrementing the reference count. If both instances were managing the same underlying OpenSSL object, the reset could decrement the reference count to 0 and free the object before the reference count could be incremented. This fixes Coverity issue 367349 where different smart pointers were seemingly managing the same raw pointer.
Fixes: https://github.com/nodejs/node/issues/56926
---
 src/crypto/crypto_x509.cc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc
index 991c4ca6bfb404..faffb6337a4816 100644
--- a/src/crypto/crypto_x509.cc
+++ b/src/crypto/crypto_x509.cc
@@ -59,9 +59,12 @@ ManagedX509::ManagedX509(const ManagedX509& that) {
 }
 ManagedX509& ManagedX509::operator=(const ManagedX509& that) {
- cert_.reset(that.get());
- if (cert_) [[likely]]
- X509_up_ref(cert_.get());
+ if (this == &that) return *this;
+
+ X509* cert = that.get();
+ if (cert) [[likely]]
+ X509_up_ref(cert);
+ cert_.reset(cert);
 return *this;
 }
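Review bot: The result of `X509_up_ref(cert)` in the new `operator=` is still ignored, so if the call ever fails (it returns 0 on error) `cert_.reset(cert)` takes ownership of a pointer for which no reference was acquired. The eventual free is then unbalanced, which is the same class of bug this patch is closing. Consider making the failure explicit by replacing the bare call with `CHECK_EQ(X509_up_ref(cert), 1);`, assuming the project's usual CHECK macros are in scope in this file. It would also help to record why the order matters with a comment above the up-ref, such as `// Take the new reference before reset(): *this and that may already share the same X509.`, since the `this == &that` guard alone does not cover two distinct objects holding one pointer.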