From: Jay Satiro Date: Fri, 1 Nov 2019 22:02:59 +0000 (-0400) Subject: schannel_verify: Fix concurrent openings of CA file X-Git-Tag: curl-7_67_0~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c49824902834bb12e26e66f4a8db74f4b9ea217;p=thirdparty%2Fcurl.git schannel_verify: Fix concurrent openings of CA file - Open the CA file using FILE_SHARE_READ mode so that others can read from it as well. Prior to this change our schannel code opened the CA file without sharing which meant concurrent openings (eg an attempt from another thread or process) would fail during the time it was open without sharing, which in curl's case would cause error: "schannel: failed to open CA file". Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html Reported-by: Richard Alcock --- diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c index 5a09e969e8..1bdf50a55c 100644 --- a/lib/vtls/schannel_verify.c +++ b/lib/vtls/schannel_verify.c @@ -111,7 +111,7 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store, */ ca_file_handle = CreateFile(ca_file_tstr, GENERIC_READ, - 0, + FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
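Review bot: The share-mode argument of the `CreateFile` call in `add_certs_to_store` (the `- 0,` / `+ FILE_SHARE_READ,` line) should carry a short comment saying why only read sharing is granted. With `FILE_SHARE_READ` and no `FILE_SHARE_WRITE`, other readers can open the CA file concurrently, but this open still fails if another handle already holds the file with write access, or if another opener requested no sharing, as the code before this change did. Opens that request write access are also refused while this handle is open. That is a reasonable property for a trust-anchor file, since the bundle cannot be rewritten in the middle of a read. It does mean "schannel: failed to open CA file" can still occur while the CA file is being updated or while an older build has it open. A one-line comment above the call stating that write sharing is deliberately withheld would keep a later change from widening the mode to silence those remaining failures.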