
Mutex lock in libraries/libldap/tls.c



Hi.

While looking again in tls.c, I noticed a few cases when tls_def_ctx
is read without locking tls_def_ctx_mutex.

It may result in connections using a partial tls_def_ctx in some
cases, and perhaps no connection at all in other cases.

A connection established with a partial tls_def_ctx may not check some
parameters, so it may succeed when it shouldn't.


This problem is more important if using my other tls.c patch (sent to
this list last week), because tls_def_ctx may be (re)initialized more
than once in that case.


Here is my patch, which has been made from a 2.0.23 + my other tls.c
patch.


Regards,

VANHULLEBUS Yvan.
*** libraries/libldap/tls.c	Tue Jun 11 11:55:09 2002
--- libraries/libldap/tls.c	Tue Jun 11 11:30:55 2002
***************
*** 303,311 ****
--- 303,317 ----
  	if ( ctx_arg ) {
  		ctx = (SSL_CTX *) ctx_arg;
  	} else {
  		if ( ldap_pvt_tls_init_def_ctx() < 0 ) return NULL;
+ #ifdef LDAP_R_COMPILE
+ 		ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
+ #endif
  		ctx = tls_def_ctx;
+ #ifdef LDAP_R_COMPILE
+ 		ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+ #endif
  	}

  	ssl = SSL_new( ctx );
  	if ( ssl == NULL ) {
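Review bot: the lock here only serializes the load of the pointer; `ctx` is handed to `SSL_new( ctx )` after `ldap_pvt_thread_mutex_unlock`, so if tls_def_ctx can be (re)initialized concurrently, as the cover mail says it can with the other patch, the SSL_CTX may still be replaced between the copy and its use. Either hold `tls_def_ctx_mutex` across `SSL_new( ctx )` as well, or document that an SSL_CTX once stored in tls_def_ctx is never freed so that a stale copy stays valid. Also worth a comment: `ldap_pvt_tls_init_def_ctx()` is called unlocked just above; if it takes `tls_def_ctx_mutex` itself that is fine, but the ordering should be stated so nobody later inlines it under the lock and deadlocks.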
***************
*** 622,630 ****
--- 628,642 ----
  		ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_tls,
  			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );

  		if( ctx == NULL ) {
+ #ifdef LDAP_R_COMPILE
+ 			ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
+ #endif
  			conn->lconn_tls_ctx = tls_def_ctx;
+ #ifdef LDAP_R_COMPILE
+ 			ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+ #endif
  		}
  	}

  	err = SSL_connect( ssl );
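Review bot: `conn->lconn_tls_ctx = tls_def_ctx` re-reads the global in a second critical section, separate from the one in which `ssl` was created from tls_def_ctx, so if the default context was re-initialized in between, `lconn_tls_ctx` records a context other than the one `ssl` actually uses. Record the context the SSL object was built from instead of reading the global again, e.g. `conn->lconn_tls_ctx = SSL_get_SSL_CTX( ssl );`, which needs no lock at all.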
***************
*** 971,981 ****
  	case LDAP_OPT_X_TLS:
  		*(int *)arg = lo->ldo_tls_mode;
  		break;
  	case LDAP_OPT_X_TLS_CTX:
! 		if ( ld == NULL )
  			*(void **)arg = (void *) tls_def_ctx;
! 		else
  			*(void **)arg = ld->ld_defconn->lconn_tls_ctx;
  		break;
  	case LDAP_OPT_X_TLS_CACERTFILE:
  		*(char **)arg = tls_opt_cacertfile ?
--- 983,999 ----
  	case LDAP_OPT_X_TLS:
  		*(int *)arg = lo->ldo_tls_mode;
  		break;
  	case LDAP_OPT_X_TLS_CTX:
! 		if ( ld == NULL ){
! #ifdef LDAP_R_COMPILE
! 			ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
! #endif
  			*(void **)arg = (void *) tls_def_ctx;
! #ifdef LDAP_R_COMPILE
! 			ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
! #endif
! 		}else
  			*(void **)arg = ld->ld_defconn->lconn_tls_ctx;
  		break;
  	case LDAP_OPT_X_TLS_CACERTFILE:
  		*(char **)arg = tls_opt_cacertfile ?
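Review bot: brace style in the changed `if ( ld == NULL ){` / `}else` does not match the surrounding code (`if ( ... ) {` with a space before the brace, and `} else {` with braces on both branches); please reformat as `if ( ld == NULL ) {` and `} else {`. Note also that the returned pointer escapes the critical section to the caller, so the lock guarantees only an atomic read of tls_def_ctx, not that the SSL_CTX stays current while the caller uses it; that limitation is worth a one-line comment next to the lock.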