Commit9d7f66b

committed
Add locking around SSL_context usage in libpq
I've been working with Nick Phillips on an issue he ran into when trying to use threads with SSL client certificates. As it turns out, the call in initialize_SSL() to SSL_CTX_use_certificate_chain_file() will modify our SSL_context without any protection from other threads also calling that function or being at some other point and trying to read from SSL_context.

To protect against this, I've written up the attached (based on an initial patch from Nick and much subsequent discussion) which puts locks around SSL_CTX_use_certificate_chain_file() and all of the other users of SSL_context which weren't already protected.

Nick Phillips, much reworked by Stephen Frost

Back-patch to 9.0 where we started loading the cert directly instead of using a callback.
1 parent8505ebf commit9d7f66b


1 file changed

+53
-3
lines changed

1 file changed

+53
-3
lines changed

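--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -93,6 +93,12 @@ static void SSLerrfree(char *buf);
 
 staticboolpq_init_ssl_lib= true;
 staticboolpq_init_crypto_lib= true;
+
+/*
+* SSL_context is currently shared between threads and therefore we need to be
+* careful to lock around any usage of it when providing thread safety.
+* ssl_config_mutex is the mutex that we use to protect it.
+*/
 staticSSL_CTX*SSL_context=NULL;
 
 #ifdefENABLE_THREAD_SAFETY
@@ -254,6 +260,10 @@ pqsecure_open_client(PGconn *conn)
 /* We cannot use MSG_NOSIGNAL to block SIGPIPE when using SSL */
 conn->sigpipe_flag= false;
 
+#ifdefENABLE_THREAD_SAFETY
+if (pthread_mutex_lock(&ssl_config_mutex))
+return-1;
+#endif
 /* Create a connection-specific SSL object */
 if (!(conn->ssl=SSL_new(SSL_context))||
 !SSL_set_app_data(conn->ssl,conn)||
@@ -266,9 +276,14 @@ pqsecure_open_client(PGconn *conn)
 err);
 SSLerrfree(err);
 close_SSL(conn);
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 returnPGRES_POLLING_FAILED;
 }
-
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 /*
 * Load client certificate, private key, and trusted CA certs.
 */
@@ -1000,8 +1015,9 @@ destroy_ssl_system(void)
 CRYPTO_set_id_callback(NULL);
 
 /*
-* We don't free the lock array. If we get another connection in this
-* process, we will just re-use it with the existing mutexes.
+* We don't free the lock array or the SSL_context. If we get another
+* connection in this process, we will just re-use them with the
+* existing mutexes.
 *
 * This means we leak a little memory on repeated load/unload of the
 * library.
@@ -1090,7 +1106,15 @@ initialize_SSL(PGconn *conn)
 * understands which subject cert to present, in case different
 * sslcert settings are used for different connections in the same
 * process.
+*
+* NOTE: This function may also modify our SSL_context and therefore
+* we have to lock around this call and any places where we use the
+* SSL_context struct.
 */
+#ifdefENABLE_THREAD_SAFETY
+if (pthread_mutex_lock(&ssl_config_mutex))
+return-1;
+#endif
 if (SSL_CTX_use_certificate_chain_file(SSL_context,fnbuf)!=1)
 {
 char*err=SSLerrmessage();
@@ -1099,8 +1123,13 @@ initialize_SSL(PGconn *conn)
 libpq_gettext("could not read certificate file \"%s\": %s\n"),
 fnbuf,err);
 SSLerrfree(err);
+
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 return-1;
 }
+
 if (SSL_use_certificate_file(conn->ssl,fnbuf,SSL_FILETYPE_PEM)!=1)
 {
 char*err=SSLerrmessage();
@@ -1109,10 +1138,18 @@ initialize_SSL(PGconn *conn)
 libpq_gettext("could not read certificate file \"%s\": %s\n"),
 fnbuf,err);
 SSLerrfree(err);
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 return-1;
 }
+
 /* need to load the associated private key, too */
 have_cert= true;
+
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 }
 
 /*
@@ -1288,6 +1325,10 @@ initialize_SSL(PGconn *conn)
 {
 X509_STORE*cvstore;
 
+#ifdefENABLE_THREAD_SAFETY
+if (pthread_mutex_lock(&ssl_config_mutex))
+return-1;
+#endif
 if (SSL_CTX_load_verify_locations(SSL_context,fnbuf,NULL)!=1)
 {
 char*err=SSLerrmessage();
@@ -1296,6 +1337,9 @@ initialize_SSL(PGconn *conn)
 libpq_gettext("could not read root certificate file \"%s\": %s\n"),
 fnbuf,err);
 SSLerrfree(err);
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 return-1;
 }
 
@@ -1323,11 +1367,17 @@ initialize_SSL(PGconn *conn)
 libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"),
 fnbuf);
 SSLerrfree(err);
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 return-1;
 #endif
 }
 /* if not found, silently ignore; we do not require CRL */
 }
+#ifdefENABLE_THREAD_SAFETY
+pthread_mutex_unlock(&ssl_config_mutex);
+#endif
 
 SSL_set_verify(conn->ssl,SSL_VERIFY_PEER,verify_cb);
 }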
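Review bot: In the `pqsecure_open_client` hunk at new line 265, a failed `pthread_mutex_lock(&ssl_config_mutex)` does `return -1;`, while the other failure exit of the same function a few lines below returns `PGRES_POLLING_FAILED`; -1 is presumably not a value of the polling-status type, so a caller that switches on the result may not treat it as a failed TLS setup. I would change it to `return PGRES_POLLING_FAILED;` and set `conn->errorMessage` first, since this path (like the two new lock-failure returns in `initialize_SSL`, new lines 1116 and 1330) currently fails without any message for the application to report. Both functions start and end outside the visible hunks, so the declared return type should be confirmed there.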
