Closed Bug 1925505 Opened 1 year ago Closed 1 year ago

Thread safety of `firsttime` in `ssl_SetDefaultsFromEnvironment`

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mdauer, Assigned: mdauer)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

Bug 1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe, r?#nss-reviewers
48 bytes, text/x-phabricator-request
Details | Review

firsttime is not guarded in any way, resulting in a race condition if multiple threads call ssl_SetDefaultsFromEnvironment at the same time: https://searchfox.org/mozilla-central/rev/e24f7f322960a39f9ef644a31b6026994db73850/security/nss/lib/ssl/sslsock.c#3912.

Interestingly, while searching for firsttime I came across a similar variant at nsSOCKSIOLayerAddToSocket, though I'm not sure if it is reachable by multiple threads simultaneously: https://searchfox.org/mozilla-central/rev/e24f7f322960a39f9ef644a31b6026994db73850/netwerk/socket/nsSOCKSIOLayer.cpp#1392.

Assignee: nobody → mdauer
Status: NEW → ASSIGNED

https://hg.mozilla.org/projects/nss/rev/5f06d0a0fb705f30c057165bc3fbceb2e63ab5ec

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Duplicate of this bug: 1558967
Blocks: nss-fuzzing-bugs
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: