The branch OpenSSL_1_1_1-stable has been updated
via b4f55c6f6c4d8d2a85ca697d92dfb682f3ebc987 (commit)
from ab2d477c0aa2d949bdc690f38f09bfde98f93a9c (commit)
- Log -----------------------------------------------------------------
commit b4f55c6f6c4d8d2a85ca697d92dfb682f3ebc987
Author: Krists Krilovs <krists.kril...@gmail.com>
Date: Mon Jul 8 13:43:09 2019 -0700
Fix wrong lock claimed in x509 dir lookup.
x509 store's objects cache can get corrupted when using dir lookup
method in multithreaded application. Claim x509 store's lock when
accessing objects cache.
CLA: trivial
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9326)
(cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/by_dir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index b3760db..a601433 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl,
X509_LOOKUP_TYPE type,
/*
* we have added it to the cache so now pull it out again
*/
- CRYPTO_THREAD_write_lock(ctx->lock);
+ X509_STORE_lock(xl->store_ctx);
j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
- CRYPTO_THREAD_unlock(ctx->lock);
+ X509_STORE_unlock(xl->store_ctx);
/* If a CRL, update the last file suffix added for this */
