From 1efae8f8f70f4b00055d6e9d32f8b98415f04b48 Mon Sep 17 00:00:00 2001
From: "Hoa V. Dinh"
Date: Thu, 1 May 2014 11:32:57 -0700
Subject: Fixed thread safety in certificate check (fixed #670)
---
 src/core/security/MCCertificateUtils.cc | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
index e6e46cbf..42b75916 100644
--- a/src/core/security/MCCertificateUtils.cc
+++ b/src/core/security/MCCertificateUtils.cc
@@ -53,16 +53,25 @@ bool mailcore::checkCertificate(mailstream * stream, String * hostname)
 CFRelease(cert);
 }
+ static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
+
+ // The below API calls are not thread safe. We're making sure not to call the concurrently.
+ pthread_mutex_lock(&lock);
+
 status = SecTrustCreateWithCertificates(certificates, policy, &trust);
 if (status != noErr) {
+ pthread_mutex_unlock(&lock);
 goto free_certs;
 }
 status = SecTrustEvaluate(trust, &trustResult);
 if (status != noErr) {
+ pthread_mutex_unlock(&lock);
 goto free_certs;
 }
+ pthread_mutex_unlock(&lock);
+
 switch (trustResult) {
 case kSecTrustResultUnspecified:
 case kSecTrustResultProceed:
-- 
cgit v1.2.3
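Review bot: The mutex is released by hand on three separate paths (both `goto free_certs` branches and the success path), so any early exit later added between `pthread_mutex_lock(&lock)` and the final unlock would leave the function-static lock held and block every subsequent certificate check in the process. Running both Security calls, unlocking once and branching on `status` afterwards keeps a single release point with the same behaviour; a sketch follows. `SecTrustEvaluate` also runs under this process-wide lock and may block while evaluating trust, so one slow evaluation can stall certificate checks on all other connections, which is worth a comment at the lock. `checkCertificate` starts and ends outside the hunk, so the `free_certs` cleanup is not visible here.

```cpp
pthread_mutex_lock(&lock);
status = SecTrustCreateWithCertificates(certificates, policy, &trust);
if (status == noErr) {
    status = SecTrustEvaluate(trust, &trustResult);
}
pthread_mutex_unlock(&lock);  // single release point for both calls

if (status != noErr) {
    goto free_certs;
}
// … unchanged: switch (trustResult) …
```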