From c84fed3bd968710176630abf371ff67fc2eecb48 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Mon, 27 Oct 2025 09:46:44 +0100
Subject: [PATCH] tls: fix leak on invalid protocol method

---
 src/crypto/crypto_context.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
index db3f44907a723b..0e0546c313fe94 100644
--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -1351,7 +1351,6 @@ SecureContext* SecureContext::Create(Environment* env) {
 SecureContext::SecureContext(Environment* env, Local<Object> wrap)
     : BaseObject(env, wrap) {
   MakeWeak();
-  env->external_memory_accounter()->Increase(env->isolate(), kExternalSize);
 }
 
 inline void SecureContext::Reset() {
@@ -1469,6 +1468,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
   if (!sc->ctx_) {
     return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
   }
+
+  env->external_memory_accounter()->Increase(env->isolate(), kExternalSize);
   SSL_CTX_set_app_data(sc->ctx_.get(), sc);
 
   // Disable SSLv2 in the case when method == TLS_method() and the