securing global variable using lock #61

Open
wants to merge 2 commits into
base: master
23 changes: 20 additions & 3 deletions adapters/tlsio_openssl.c
Expand Up @@ -89,6 +89,7 @@ struct CRYPTO_dynlock_value
static const char* const OPTION_UNDERLYING_IO_OPTIONS = "underlying_io_options";
#define SSL_DO_HANDSHAKE_SUCCESS 1
static int g_ssl_crl_max_size_in_kb = 10 * 1024;
static LOCK_HANDLE crl_cache_lock;

/*this function will clone an option given by name and value*/
static void* tlsio_openssl_CloneOption(const char* name, const void* value)
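Review bot: The declaration of crl_cache_lock added next to g_ssl_crl_max_size_in_kb has no comment saying what it protects. Its name still refers to the CRL cache, yet this change also uses it to guard g_ssl_crl_max_size_in_kb. Add a one-line comment listing the guarded variables, or use a separate, appropriately named lock for the size option so that setting an option does not contend with CRL cache access.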
Expand Down Expand Up @@ -934,7 +935,14 @@ static int load_cert_crl_http(
goto error;
}

LOCK_RESULT lockResult = Lock(crl_cache_lock);
Collaborator

crl_cache_lock

Just to check, is tlsio_openssl_init, where the lock is initialized, called before this always?

if (LOCK_OK != lockResult)
{
// could not lock
goto error;
}
OCSP_set_max_response_length(rctx, g_ssl_crl_max_size_in_kb * 1024);
lockResult = Unlock(crl_cache_lock);

if (!OCSP_REQ_CTX_http(rctx, "GET", isHostnameSet ? url : path))
{
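Review bot: In load_cert_crl_http the return value of Unlock(crl_cache_lock) is assigned to lockResult and never examined, so a failed unlock goes unnoticed. Check it and log on failure. The critical section would also be clearer if g_ssl_crl_max_size_in_kb were copied into a local while the lock is held and OCSP_set_max_response_length were called after the unlock, keeping the locked region to a single read. The product g_ssl_crl_max_size_in_kb * 1024 is computed in int on a value that tlsio_openssl_setoption stores unchecked, so it should be bounded before use. The collaborator's question about initialization order also matters here: until the handle has been created, this path depends on Lock failing cleanly into the goto error branch.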
Expand Down Expand Up @@ -1060,7 +1068,6 @@ static bool crl_valid(X509_CRL *crl)
}


static LOCK_HANDLE crl_cache_lock;
static int crl_cache_size = 0;
static X509_CRL** crl_cache = NULL;
static int load_cert_crl_memory(X509 *cert, X509_CRL **pCrl)
Expand Down Expand Up @@ -2726,8 +2733,18 @@ int tlsio_openssl_setoption(CONCRETE_IO_HANDLE tls_io, const char* optionName, c
}
else
{
g_ssl_crl_max_size_in_kb = *(const int*)value;
result = 0;
LOCK_RESULT lockResult = Lock(crl_cache_lock);
if (LOCK_OK != lockResult)
{
LogError("Unable to acquire CRL lock");
result = __FAILURE__;
}
else
{
g_ssl_crl_max_size_in_kb = *(const int*)value;
lockResult = Unlock(crl_cache_lock);
result = 0;
}
}
}
else if (strcmp(OPTION_DISABLE_DEFAULT_VERIFY_PATHS, optionName) == 0)
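Review bot: In the new else branch of tlsio_openssl_setoption, *(const int*)value is stored into g_ssl_crl_max_size_in_kb with no range check, and load_cert_crl_http later multiplies it by 1024 in int arithmetic, so a negative or very large value produces a meaningless or overflowed maximum response length. Reject out-of-range values before taking the lock. The result of Unlock(crl_cache_lock) is also assigned and then ignored, with result = 0 set regardless; check it and call LogError on failure, as the Lock path does.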