mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
08cecb4448
X509_STORE_get0_objects returns a pointer to the X509_STORE's storage, but this function is a bit deceptive. It is practically unusable in a multi-threaded program. See, for example, RUSTSEC-2023-0072, a security vulnerability caused by this OpenSSL API. One might think that, if no other threads are mutating the X509_STORE, it is safe to read the resulting list. However, the documention does not mention that other logically-const operations on the X509_STORE, notably certifcate verifications when a hash_dir is installed, will, under a lock, write to the X509_STORE. The X509_STORE also internally re-sorts the list on the first query. If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it can work around this. But this is not obvious, and the documentation does not discuss how X509_STORE_lock is very rarely safe to use. E.g. one cannot call any APIs like X509_STORE_add_cert or X509_STORE_CTX_get1_issuer while holding the lock because those functions internally expect to take the lock. (X509_STORE_lock is another such API which is not safe to export as public API.) Rather than leave all this to the caller to figure out, the API should have returned a shallow copy of the list, refcounting the values. Then it could be internally locked and the caller can freely inspect the result without synchronization with the X509_STORE. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23224) |
||
|---|---|---|
| .. | ||
| build.info | ||
| by_dir.c | ||
| by_file.c | ||
| by_store.c | ||
| ext_dat.h | ||
| pcy_cache.c | ||
| pcy_data.c | ||
| pcy_lib.c | ||
| pcy_local.h | ||
| pcy_map.c | ||
| pcy_node.c | ||
| pcy_tree.c | ||
| standard_exts.h | ||
| t_crl.c | ||
| t_req.c | ||
| t_x509.c | ||
| v3_addr.c | ||
| v3_admis.c | ||
| v3_admis.h | ||
| v3_akeya.c | ||
| v3_akid.c | ||
| v3_asid.c | ||
| v3_bcons.c | ||
| v3_bitst.c | ||
| v3_conf.c | ||
| v3_cpols.c | ||
| v3_crld.c | ||
| v3_enum.c | ||
| v3_extku.c | ||
| v3_genn.c | ||
| v3_group_ac.c | ||
| v3_ia5.c | ||
| v3_ind_iss.c | ||
| v3_info.c | ||
| v3_int.c | ||
| v3_ist.c | ||
| v3_lib.c | ||
| v3_ncons.c | ||
| v3_no_ass.c | ||
| v3_no_rev_avail.c | ||
| v3_pci.c | ||
| v3_pcia.c | ||
| v3_pcons.c | ||
| v3_pku.c | ||
| v3_pmaps.c | ||
| v3_prn.c | ||
| v3_purp.c | ||
| v3_san.c | ||
| v3_single_use.c | ||
| v3_skid.c | ||
| v3_soa_id.c | ||
| v3_sxnet.c | ||
| v3_tlsf.c | ||
| v3_utf8.c | ||
| v3_utl.c | ||
| v3err.c | ||
| x509_att.c | ||
| x509_cmp.c | ||
| x509_d2.c | ||
| x509_def.c | ||
| x509_err.c | ||
| x509_ext.c | ||
| x509_local.h | ||
| x509_lu.c | ||
| x509_meth.c | ||
| x509_obj.c | ||
| x509_r2x.c | ||
| x509_req.c | ||
| x509_set.c | ||
| x509_trust.c | ||
| x509_txt.c | ||
| x509_v3.c | ||
| x509_vfy.c | ||
| x509_vpm.c | ||
| x509cset.c | ||
| x509name.c | ||
| x509rset.c | ||
| x509spki.c | ||
| x509type.c | ||
| x_all.c | ||
| x_attrib.c | ||
| x_crl.c | ||
| x_exten.c | ||
| x_name.c | ||
| x_pubkey.c | ||
| x_req.c | ||
| x_x509.c | ||
| x_x509a.c | ||