git.ipfire.org Git - thirdparty/openssl.git/commit

author	Stas Cymbalov <dummyunit@gmail.com>
	Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 23 Jan 2025 11:14:21 +0000 (12:14 +0100)
commit	2fae255bb8e8df7ea9609918faeaf66e29e49ed0
tree	7640f5503f097c7b7049071ac57120ded92e09b8	tree
parent	32a7848e1b6475f48d2f4a84024ec2699991ca97	commit \| diff

Fix data race in asn1_str2tag() on tntmp which was accidentally made static

Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
   parameter. This can happen if other thread modifies tntmp to point to
   a different tnst element right after a successful name check in the
   if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
   This can happen when multiple threads all first execute tntmp = tnst;
   line and then start executing the loop. If that case those threads
   can end up incrementing tntmp past the end of tnst array.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)

(cherry picked from commit 7262c0bcc468ab8e43ba96ca219acdb4667e45e0)