From: Nikola Pajkovsky <nikolap@openssl.org>
Date: Fri, 17 Oct 2025 15:29:21 +0000 (+0200)
Subject: x509_store: fix unreliable value of objs inside the second locked section
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~299
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55a0adf220baa1ee25fa1bab846bde5d57b484e1;p=thirdparty%2Fopenssl.git

x509_store: fix unreliable value of objs inside the second locked section

objs has been incorrectly passed from one critical section to another
one.

Resolves: https://scan5.scan.coverity.com/#/project-view/65138/10222?selectedIssue=1667132
Fixes: 04589b59ef50 ("x509store: reduce lock contention in X509_STORE")
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28947)
---

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 99d77e95889..46b87e1bff4 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -868,6 +868,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
             objs = ossl_x509_store_ht_get_by_name(store, nm);
             if (objs == NULL)
                 goto end;
+        } else {
+            objs = store->objs;
         }
         idx = x509_object_idx_cnt(objs, X509_LU_X509, nm, &cnt);
     }