Avoid a race condition.

2557eaea · Bodo Möller · a46faa2b · 2557eaea · 2557eaea
隐藏空白更改
内联并排

Showing with 25 addition and 18 deletion

CHANGES CHANGES +5 -0

ssl/s2_clnt.c ssl/s2_clnt.c +20 -18

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
  *) The return value of RAND_load_file() no longer counts bytes obtained
     by stat().  RAND_load_file(..., -1) is new and uses the complete file
     to seed the PRNG (previously an explicit byte count was required).

--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -435,26 +435,28 @@ static int get_server_hello(SSL *s)
 			return(-1);
 			}
 		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
-		}

-	if (s->session->peer != NULL)
-		X509_free(s->session->peer);
-
-#if 0 /* What is all this meant to accomplish?? */
-	/* hmmm, can we have the problem of the other session with this
-	 * cert, Free's it before we increment the reference count. */
-	CRYPTO_w_lock(CRYPTO_LOCK_X509);
-	s->session->peer=s->session->sess_cert->key->x509;
-	/* Shouldn't do this: already locked */
-	/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
-	s->session->peer->references++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-#else
-	s->session->peer = s->session->sess_cert->peer_key->x509;
-	/* peer_key->x509 has been set by ssl2_set_certificate. */
-	CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-#endif

+		if (s->session->peer != NULL) /* can't happen*/
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+			return(-1);
+			}
+
+		s->session->peer = s->session->sess_cert->peer_key->x509;
+		/* peer_key->x509 has been set by ssl2_set_certificate. */
+		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+		}
+
+	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+		/* can't happen */
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+		return(-1);
+		}
+		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);