diff options
| author | Marc Mutz <marc.mutz@qt.io> | 2023-02-21 09:21:29 +0100 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2023-02-23 16:28:36 +0100 |
| commit | 2449af142fa3d8ccb114262e994f308043ef6d70 (patch) | |
| tree | 8eb202e6acdfded08dada53634b51d4b3097ae6d | |
| parent | 101e57d37c3b1c1c24173f1b37f54f9efaedc329 (diff) | |
QMessageAuthenticationCode: fix result() non-re-entrancy
While QMessageAuthenticationCode is not copyable, result() is
nevertheless const, so a user could prepare a
QMessageAuthenticationCode object with setKey() and addData(), pass it
by const reference to two threads, which each just call result() on
it. This should be safe, but because result() performed lazy
evaluation without being internally synchronized, this would cause
data races.
Fix in the same was as b904de43a5acfc4067fc9e4146babd45c6ac1138 did
for QCryptographicHash. See there for a detailed discussion of the
solution.
Fixes: QTBUG-111347
Pick-to: 6.5 6.4 6.2 5.15
Change-Id: I1feb380973c480ad6268349a0a46ac471b9ca0f7
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Reviewed-by: David Faure <david.faure@kdab.com>
| -rw-r--r-- | src/corelib/tools/qmessageauthenticationcode.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/corelib/tools/qmessageauthenticationcode.cpp b/src/corelib/tools/qmessageauthenticationcode.cpp index 8f131e45a0..5853e9951e 100644 --- a/src/corelib/tools/qmessageauthenticationcode.cpp +++ b/src/corelib/tools/qmessageauthenticationcode.cpp @@ -1,8 +1,11 @@ +// Copyright (C) 2023 The Qt Company Ltd. // Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru> // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only #include "qmessageauthenticationcode.h" #include "qvarlengtharray.h" +#include "qmutex.h" +#include "private/qlocking_p.h" #include "qtcore-config_p.h" @@ -70,6 +73,7 @@ public: QByteArray key; QByteArray result; + QBasicMutex finalizeMutex; QCryptographicHash messageHash; QCryptographicHash::Algorithm method; bool messageHashInited; @@ -77,7 +81,10 @@ public: void initMessageHash(); void finalize(); + // when not called from the static hash() function, this function needs to be + // called with finalizeMutex held: void finalizeUnchecked(); + // END functions that need to be called with finalizeMutex held }; void QMessageAuthenticationCodePrivate::initMessageHash() @@ -217,6 +224,7 @@ QByteArray QMessageAuthenticationCode::result() const void QMessageAuthenticationCodePrivate::finalize() { + const auto lock = qt_scoped_lock(finalizeMutex); if (!result.isEmpty()) return; initMessageHash(); |