wget2 | Bug: OpenSSL does not safely share some user data among threads

wget-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

wget2 | Bug: OpenSSL does not safely share some user data among threads

From:	Ander Juaristi (@juaristi)
Subject:	wget2 \| Bug: OpenSSL does not safely share some user data among threads (#614)
Date:	Sat, 08 Oct 2022 23:20:43 +0000


Ander Juaristi created an issue: https://gitlab.com/gnuwget/wget2/-/issues/614

Assignee: Ander Juaristi

The `vflags` structure is being shared among threads in a completely unsafe 
manner.

This is because it is being set as "user data" globally such that all threads 
share the same pointer (`_ctx` is a global variable).

```
store = SSL_CTX_get_cert_store(_ctx);
if (!store) {
}


if (!X509_STORE_set_ex_data(store, store_userdata_idx, (void *) vflags)) {
        retval = WGET_E_UNKNOWN;
        goto bail;
}

```

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/issues/614
You're receiving this email because of your account on gitlab.com.

[Prev in Thread]

Current Thread

[Next in Thread]

wget2 | Bug: OpenSSL does not safely share some user data among threads (#614), Ander Juaristi (@juaristi) <=

Prev by Date: Re: wget2 | Several OCSP improvements (!513)
Next by Date: Re: wget2 | Several OCSP improvements (!513)
Previous by thread: wget2 | Rockdaboot/fix printf string without termination (!514)
Next by thread: Re: wget2 | Fix robots.txt parser (!510)
Index(es):
- Date
- Thread