git.ipfire.org Git - thirdparty/openssl.git/commitdiff
x509_store: fix unreliable value of objs inside the second locked section
author Nikola Pajkovsky <nikolap@openssl.org>
Fri, 17 Oct 2025 15:29:21 +0000 (17:29 +0200)
committer Neil Horman <nhorman@openssl.org>
Tue, 21 Oct 2025 22:36:48 +0000 (18:36 -0400)
objs has been incorrectly passed from one critical section to another
one.

Resolves: https://scan5.scan.coverity.com/#/project-view/65138/10222?selectedIssue=1667132
Fixes: 04589b59ef50 ("x509store: reduce lock contention in X509_STORE")
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28947)

crypto/x509/x509_lu.c

index 99d77e958893ef38b1299a592d8427e5773101e6..46b87e1bff4562648c843ecde5bfd92cdc56f422 100644 (file)
@@ -868,6 +868,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
             objs = ossl_x509_store_ht_get_by_name(store, nm);
             if (objs == NULL)
                 goto end;
+        } else {
+            objs = store->objs;
         }
         idx = x509_object_idx_cnt(objs, X509_LU_X509, nm, &cnt);
     }
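
Review bot: The new else branch ("objs = store->objs;") has no comment explaining why objs is re-read at this point, so a later cleanup could mistake it for a redundant assignment and remove it. A one-line comment saying that the value obtained in the earlier critical section must not be reused here would make the intent durable. Since the commit message describes objs as having leaked from one critical section into another, it is also worth considering resetting objs to NULL where the first section ends, or declaring it separately per section, so that any branch that forgets to assign it before x509_object_idx_cnt() is easy to spot in review and in static analysis.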