Fixed thread safety in certificate check (fixed #670)

author: Hoa V. Dinh <dinh.viet.hoa@gmail.com> 2014-05-01 11:32:57 -0700
committer: Hoa V. Dinh <dinh.viet.hoa@gmail.com> 2014-05-01 11:32:57 -0700
commit: 1efae8f8f70f4b00055d6e9d32f8b98415f04b48 (patch)
tree: e4d5a4f7c79fdeb497cd2aa6bcc7b896ede775e2
parent: 587aa463682393d40e3666f32d5823363ad47a34 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
index e6e46cbf..42b75916 100644
--- a/src/core/security/MCCertificateUtils.cc
+++ b/src/core/security/MCCertificateUtils.cc
@@ -53,16 +53,25 @@ bool mailcore::checkCertificate(mailstream * stream, String * hostname)
         CFRelease(cert);
     }
     
+    static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
+    
+    // The below API calls are not thread safe. We're making sure not to call the concurrently.
+    pthread_mutex_lock(&lock);
+    
     status = SecTrustCreateWithCertificates(certificates, policy, &trust);
     if (status != noErr) {
+        pthread_mutex_unlock(&lock);
         goto free_certs;
     }
     
     status = SecTrustEvaluate(trust, &trustResult);
     if (status != noErr) {
+        pthread_mutex_unlock(&lock);
         goto free_certs;
     }
     
+    pthread_mutex_unlock(&lock);
+    
     switch (trustResult) {
         case kSecTrustResultUnspecified:
         case kSecTrustResultProceed:
author	Hoa V. Dinh <dinh.viet.hoa@gmail.com>	2014-05-01 11:32:57 -0700
committer	Hoa V. Dinh <dinh.viet.hoa@gmail.com>	2014-05-01 11:32:57 -0700
commit	1efae8f8f70f4b00055d6e9d32f8b98415f04b48 (patch)
tree	e4d5a4f7c79fdeb497cd2aa6bcc7b896ede775e2
parent	587aa463682393d40e3666f32d5823363ad47a34 (diff)