summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Benjamin <davidben@google.com>2019-11-27 16:53:51 -0500
committerDaniel Stenberg <daniel@haxx.se>2019-11-28 00:48:19 +0100
commitd94aa39410256cbbfb0ddf71cb7f93f6cdf10d37 (patch)
tree81e3c912e624926bc34bfe43ac62c1687a84d3aa
parent113db127ee2b2f874dfcce406103ffe666e11953 (diff)
downloadcurl-d94aa39410256cbbfb0ddf71cb7f93f6cdf10d37.tar.gz
ngtcp2: fix thread-safety bug in error-handling
ERR_error_string(NULL) should never be called. It places the error in a global buffer, which is not thread-safe. Use ERR_error_string_n with a local buffer instead. Closes #4645
-rw-r--r--lib/vquic/ngtcp2.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 071d45c02..7d8b98e90 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -256,8 +256,9 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
SSL_CTX_set_default_verify_paths(ssl_ctx);
if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) {
- failf(data, "SSL_CTX_set_ciphersuites: %s",
- ERR_error_string(ERR_get_error(), NULL));
+ char error_buffer[256];
+ ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
+ failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
return NULL;
}