Skip to content

Comments

Keep X509 handle alive while in use when reading certificate data#56277

Merged
stephentoub merged 2 commits intodotnet:mainfrom
vcsjones:x509-race
Jul 26, 2021
Merged

Keep X509 handle alive while in use when reading certificate data#56277
stephentoub merged 2 commits intodotnet:mainfrom
vcsjones:x509-race

Conversation

@vcsjones
Copy link
Member

@vcsjones vcsjones commented Jul 25, 2021
edited
Loading

The X509 certificate reader for OpenSSL does several operations in two steps. First, get a pointer to some interior data of the X509* object, and then pass that pointer off to some other API that knows how to interpret the data that is in the pointer.

If the X509SafeHandle is freed between these two steps, then the interior data pointer no longer points to valid data. This change keeps the SafeX509Handle and the X509 OpenSSL object alive while it is in use. This prevents crashes if a X509Certificate2 object is being used while it is in the middle of being disposed.

This also adds a specific test that tries to reproduce the issue. It will rarely get hit, but often enough that it would show up as a flaky test very soon if the behavior regresses.

PR is best reviewed ignoring white space.

Closes #49732

@ghost ghost added community-contribution Indicates that the PR has been added by a community member area-System.Security labels Jul 25, 2021
@ghost
Copy link

ghost commented Jul 25, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

The X509 certificate reader in for OpenSSL does several operations in two steps. First, get a pointer to some interior data of the X509* object, and then pass that pointer off to some other API that knows how to interpret the data that is in the pointer.

If the X509SafeHandle is freed between these two steps, then the interior data pointer no longer points to valid data. This change keeps the SafeX509Handle and the X509 OpenSSL object alive while it is in use. This prevents crashes if a X509Certificate2 object is being used while it is in the middle of being disposed.

This also adds a specific test that tries to reproduce the issue. It will rarely get hit, but often enough that it would show up as a flaky test very soon if the behavior regresses.

PR is best reviewed ignoring white space.

Closes #49732

Author: vcsjones
Assignees: -
Labels:

area-System.Security, community-contribution
Milestone: -

@vcsjones
Copy link
Member Author

vcsjones commented Jul 25, 2021

That test failed about 1/2000 runs for me. I let it run several million times after making the associated changes and was no longer able to reproduce the issue.

@bartonjs bartonjs requested a review from stephentoub July 25, 2021 19:40
@stephentoub stephentoub merged commit 10c2383 into dotnet:main Jul 26, 2021
@vcsjones vcsjones deleted the x509-race branch July 26, 2021 12:25
@karelz karelz mentioned this pull request Jul 28, 2021
Closed
@jaredpar jaredpar mentioned this pull request Aug 17, 2021
Open
@ghost ghost locked as resolved and limited conversation to collaborators Aug 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub approved these changes

@bartonjs bartonjs bartonjs approved these changes

Assignees

No one assigned

Labels

area-System.Security community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

System.Security.Cryptography.X509Certificates.Tests: Assertion `0 && "Huge length X509_NAME"' failed.

3 participants

@vcsjones @stephentoub @bartonjs