Google Git
Sign in
flutter/third_party/openssl/2557eaeac81c93f9e12534ac64a7634ab2bdb0fc^!/.
commit
2557eaeac81c93f9e12534ac64a7634ab2bdb0fc
[log]
author
Bodo Möller <bodo@openssl.org>
Mon Jan 24 17:57:56 2000 +0000
committer
Bodo Möller <bodo@openssl.org>
Mon Jan 24 17:57:56 2000 +0000
tree
67437b74650aa7624c49facf60d29f71a7879f9a
parent
a46faa2bfdd998f09a0a562c71c653ae0a3a0e81 [diff]
Avoid a race condition.

diff --git a/CHANGES b/CHANGES
index f5803d7..2389e2e 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4,6 +4,11 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
   *) The return value of RAND_load_file() no longer counts bytes obtained
      by stat().  RAND_load_file(..., -1) is new and uses the complete file
      to seed the PRNG (previously an explicit byte count was required).

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index c7ec4c0..e4e9660 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c

@@ -435,26 +435,28 @@
 			return(-1);
 			}
 		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
+
+
+		if (s->session->peer != NULL) /* can't happen*/
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+			return(-1);
+			}
+
+		s->session->peer = s->session->sess_cert->peer_key->x509;
+		/* peer_key->x509 has been set by ssl2_set_certificate. */
+		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
 		}
 
-	if (s->session->peer != NULL)
-		X509_free(s->session->peer);
-
-#if 0 /* What is all this meant to accomplish?? */
-	/* hmmm, can we have the problem of the other session with this
-	 * cert, Free's it before we increment the reference count. */
-	CRYPTO_w_lock(CRYPTO_LOCK_X509);
-	s->session->peer=s->session->sess_cert->key->x509;
-	/* Shouldn't do this: already locked */
-	/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
-	s->session->peer->references++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-#else
-	s->session->peer = s->session->sess_cert->peer_key->x509;
-	/* peer_key->x509 has been set by ssl2_set_certificate. */
-	CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-#endif
-
+	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+		/* can't happen */
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+		return(-1);
+		}
+		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);