diff options
author | David Benjamin <davidben@google.com> | 2019-11-27 16:53:51 -0500 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-11-28 00:48:19 +0100 |
commit | d94aa39410256cbbfb0ddf71cb7f93f6cdf10d37 (patch) | |
tree | 81e3c912e624926bc34bfe43ac62c1687a84d3aa | |
parent | 113db127ee2b2f874dfcce406103ffe666e11953 (diff) | |
download | curl-d94aa39410256cbbfb0ddf71cb7f93f6cdf10d37.tar.gz |
ngtcp2: fix thread-safety bug in error-handling
ERR_error_string(NULL) should never be called. It places the error in a
global buffer, which is not thread-safe. Use ERR_error_string_n with a
local buffer instead.
Closes #4645
-rw-r--r-- | lib/vquic/ngtcp2.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c index 071d45c02..7d8b98e90 100644 --- a/lib/vquic/ngtcp2.c +++ b/lib/vquic/ngtcp2.c @@ -256,8 +256,9 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) SSL_CTX_set_default_verify_paths(ssl_ctx); if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) { - failf(data, "SSL_CTX_set_ciphersuites: %s", - ERR_error_string(ERR_get_error(), NULL)); + char error_buffer[256]; + ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); + failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer); return NULL; } |