From: David Benjamin <davidben@google.com>
Date: Wed, 27 Nov 2019 21:53:51 +0000 (-0500)
Subject: ngtcp2: fix thread-safety bug in error-handling
X-Git-Tag: curl-7_68_0~136
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d94aa39410256cbbfb0ddf71cb7f93f6cdf10d37;p=thirdparty%2Fcurl.git

ngtcp2: fix thread-safety bug in error-handling

ERR_error_string(NULL) should never be called. It places the error in a
global buffer, which is not thread-safe. Use ERR_error_string_n with a
local buffer instead.

Closes #4645
---

diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 071d45c027..7d8b98e90c 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -256,8 +256,9 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
   SSL_CTX_set_default_verify_paths(ssl_ctx);
 
   if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) {
-    failf(data, "SSL_CTX_set_ciphersuites: %s",
-          ERR_error_string(ERR_get_error(), NULL));
+    char error_buffer[256];
+    ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
+    failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
     return NULL;
   }