mirror of https://github.com/openssl/openssl.git
X509_STORE_get0_objects returns a pointer to the X509_STORE's storage, but this function is a bit deceptive. It is practically unusable in a multi-threaded program. See, for example, RUSTSEC-2023-0072, a security vulnerability caused by this OpenSSL API.

One might think that, if no other threads are mutating the X509_STORE, it is safe to read the resulting list. However, the documentation does not mention that other logically-const operations on the X509_STORE, notably certificate verifications when a hash_dir is installed, will, under a lock, write to the X509_STORE. The X509_STORE also internally re-sorts the list on the first query.

If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it can work around this. But this is not obvious, and the documentation does not discuss how X509_STORE_lock is very rarely safe to use. E.g. one cannot call any APIs like X509_STORE_add_cert or X509_STORE_CTX_get1_issuer while holding the lock because those functions internally expect to take the lock. (X509_STORE_lock is another such API which is not safe to export as public API.)

Rather than leave all this to the caller to figure out, the API should have returned a shallow copy of the list, refcounting the values. Then it could be internally locked and the caller can freely inspect the result without synchronization with the X509_STORE.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23224)
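The get0-versus-get1 distinction the commit message argues for, modelled in plain C as an added example (this is not OpenSSL's code); the toy `Store`, `Obj` and `store_*` names are assumptions standing in for X509_STORE, X509_OBJECT and the real API, and the spinlock stands in for the store's internal lock.

```c
/* Added example, not OpenSSL code: a toy store modelled on the X509_STORE argument above;
 * all names are hypothetical. get0 borrows the live array, which the store re-sorts under
 * its own lock on first lookup; get1 copies it under the lock and bumps refcounts. */
#include <stdatomic.h>
#include <stdlib.h>
typedef struct { atomic_int refs; int serial; } Obj;            /* stands in for X509_OBJECT */
typedef struct { Obj **objs; int n; int sorted; atomic_flag lock; } Store;

static void store_lock(Store *s) { while (atomic_flag_test_and_set(&s->lock)) { } }
static void store_unlock(Store *s) { atomic_flag_clear(&s->lock); }
static void store_init(Store *s) { s->objs = NULL; s->n = s->sorted = 0; atomic_flag_clear(&s->lock); }
static int cmp_serial(const void *a, const void *b) {
    int x = (*(Obj *const *)a)->serial, y = (*(Obj *const *)b)->serial;
    return (x > y) - (x < y);
}
/* Takes the lock itself, like X509_STORE_add_cert: calling it with the lock held deadlocks. */
static void store_add(Store *s, int serial) {
    Obj *o = malloc(sizeof *o); atomic_init(&o->refs, 1); o->serial = serial;
    store_lock(s);
    s->objs = realloc(s->objs, sizeof *s->objs * (size_t)(s->n + 1));
    s->objs[s->n++] = o; s->sorted = 0;
    store_unlock(s);
}

/* Logically const lookup that nevertheless writes: sorts on first query, under the lock. */
static Obj *store_find(Store *s, int serial) {
    Obj *hit = NULL;
    store_lock(s);
    if (!s->sorted && s->n > 0) { qsort(s->objs, (size_t)s->n, sizeof *s->objs, cmp_serial); s->sorted = 1; }
    for (int i = 0; i < s->n && !hit; i++) if (s->objs[i]->serial == serial) hit = s->objs[i];
    store_unlock(s);
    return hit;
}

/* get0 flavour: borrowed pointer into live storage; a concurrent find/add reorders or reallocates it. */
static Obj **store_get0_objects(Store *s, int *n) { *n = s->n; return s->objs; }
/* get1 flavour: shallow copy under the lock, one reference per element; caller frees with objects_free. */
static Obj **store_get1_objects(Store *s, int *n) {
    store_lock(s);
    Obj **copy = malloc(sizeof *copy * (size_t)(s->n > 0 ? s->n : 1));
    for (int i = 0; i < s->n; i++) { copy[i] = s->objs[i]; atomic_fetch_add(&copy[i]->refs, 1); }
    *n = s->n;
    store_unlock(s);
    return copy;
}

static void obj_free(Obj *o) { if (o && atomic_fetch_sub(&o->refs, 1) == 1) free(o); }
static void objects_free(Obj **list, int n) { for (int i = 0; i < n; i++) obj_free(list[i]); free(list); }
static void store_free(Store *s) { objects_free(s->objs, s->n); s->objs = NULL; s->n = 0; }
```

A `store_get1_objects` snapshot keeps its order and its elements alive even after a later `store_find` re-sorts the live array that `store_get0_objects` hands out.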