Fix wrong lock claimed in x509 dir lookup.
authorKrists Krilovs <krists.krilovs@gmail.com>
Mon, 8 Jul 2019 20:43:09 +0000 (13:43 -0700)
committerShane Lontis <shane.lontis@oracle.com>
Mon, 15 Jul 2019 01:39:53 +0000 (11:39 +1000)
x509 store's objects cache can get corrupted when using dir lookup
method in multithreaded application. Claim x509 store's lock when
accessing objects cache.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9326)

(cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26)

crypto/x509/by_dir.c

index b3760dbadf3abf5d7de5e7365658f9814f602f9a..a601433dac6c0d89e48452368acb2839089d5a4a 100644 (file)
@@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         /*
          * we have added it to the cache so now pull it out again
          */
-        CRYPTO_THREAD_write_lock(ctx->lock);
+        X509_STORE_lock(xl->store_ctx);
         j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
         tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        CRYPTO_THREAD_unlock(ctx->lock);
+        X509_STORE_unlock(xl->store_ctx);
 
         /* If a CRL, update the last file suffix added for this */