vtls_scache: fix race condition

- Lock before counting the cache sessions.

Prior to this change when taking a session a trace command counted the
sessions but not under lock, which caused a race condition.

Reported by: Viktor Szakats

Fixes https://github.com/curl/curl/issues/18806
Closes https://github.com/curl/curl/pull/18813

diff --git a/lib/vtls/vtls_scache.c b/lib/vtls/vtls_scache.c
index e934fa3b5eaca62ebdc2186453ce428efad674ea..74b2b20cf67413dbbb0b2920aa58b2f7bd90def5 100644 (file)
--- a/lib/vtls/vtls_scache.c
+++ b/lib/vtls/vtls_scache.c
@@ -902,7 +902,6 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
       peer->age = scache->age; /* set this as used in this age */
     }
   }
-  Curl_ssl_scache_unlock(data);
   if(s) {
     *ps = s;
     CURL_TRC_SSLS(data, "took session for %s [proto=0x%x, "
@@ -914,6 +913,7 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
   else {
     CURL_TRC_SSLS(data, "no cached session for %s", ssl_peer_key);
   }
+  Curl_ssl_scache_unlock(data);
   return result;
 }