commit 66d49b49526c2352b65ea037e879dc4409ecc68d
author David Benjamin <davidben@google.com> Tue Aug 29 16:24:36 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Aug 29 20:44:42 2017 +0000
tree 1cfdf623d30e34995d21976ad621421eeb092c95
parent c79ae7aa8b07c036538fbfcd0708bc6626ecbc20

Fix SSL_CTX client_CA list locking.

ctx->cached_x509_client_CA needs to be protected under a lock since
SSL_CTX_get_client_CA_list is a logically const operation. The fallback
in SSL_get_client_CA_list was not using this lock.

Change-Id: I2431218492d1a853cc1a59c0678b0b50cd9beab2
Reviewed-on: https://boringssl-review.googlesource.com/19765
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_x509.cc

diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc
index 7e9e51f..e442dfb 100644
--- a/ssl/ssl_x509.cc
+++ b/ssl/ssl_x509.cc
@@ -1158,12 +1158,13 @@
     return buffer_names_to_x509(
         ssl->client_CA, (STACK_OF(X509_NAME) **)&ssl->cached_x509_client_CA);
   }
-  return buffer_names_to_x509(ssl->ctx->client_CA,
-                              &ssl->ctx->cached_x509_client_CA);
+  return SSL_CTX_get_client_CA_list(ssl->ctx);
 }
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
   check_ssl_ctx_x509_method(ctx);
+  /* This is a logically const operation that may be called on multiple threads,
+   * so it needs to lock around updating |cached_x509_client_CA|. */
   CRYPTO_MUTEX_lock_write((CRYPTO_MUTEX *) &ctx->lock);
   STACK_OF(X509_NAME) *ret = buffer_names_to_x509(
       ctx->client_CA, (STACK_OF(X509_NAME) **)&ctx->cached_x509_client_CA);