mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
curl/lib/vtls
Ivan Avdeev 31c521b047 vtls: fix ssl session cache race condition
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied by refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage the lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
2016-06-01 09:40:55 +02:00
axtls.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
axtls.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
cyassl.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
cyassl.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
darwinssl.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
darwinssl.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
gskit.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
gskit.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
gtls.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
gtls.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
mbedtls.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
mbedtls.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
nss.c TLS: move the ALPN/NPN enable bits to the connection 2016-05-09 15:30:25 -04:00
nssg.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
openssl.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
openssl.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
polarssl_threadlock.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
polarssl_threadlock.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
polarssl.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
polarssl.h tls: make setting pinnedkey option fail if not supported 2016-05-01 17:05:38 +02:00
schannel.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
schannel.h schannel: add CURLOPT_CERTINFO support 2016-06-01 08:50:01 +02:00
vtls.c vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00
vtls.h vtls: fix ssl session cache race condition 2016-06-01 09:40:55 +02:00