Make getErrorsFromOpenSSL thread-safe

If we pass nullptr as a buffer parameter, ERR_error_string uses
a local array with static storage duration, which makes ERR_error_string
non thread-safe. Instead we can use ERR_error_string_n with our
own buffer. As for the size: docs are inconsistent, sometimes
they say 'at least 120 bytes long', sometimes 'at least 256 ...'.
Their code (ERR_error_string implenented via call to ERR_error_string_n)
has buf[256] and so we do. I know this will enrage our Mr. Bot, but I've
removed a stray whitespace.

Change-Id: I4b8cc7b6b9af1a34fc87a760927a493332cdd0a5
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 1fc7817fe8..396fe5e148 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -99,12 +99,13 @@ int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1;
 QString QSslSocketBackendPrivate::getErrorsFromOpenSsl()
 {
     QString errorString;
+    char buf[256] = {}; // OpenSSL docs claim both 120 and 256; use the larger.
     unsigned long errNum;
     while ((errNum = q_ERR_get_error())) {
-        if (! errorString.isEmpty())
+        if (!errorString.isEmpty())
             errorString.append(QLatin1String(", "));
-        const char *error = q_ERR_error_string(errNum, NULL);
-        errorString.append(QString::fromLatin1(error)); // error is ascii according to man ERR_error_string
+        q_ERR_error_string_n(errNum, buf, sizeof buf);
+        errorString.append(QString::fromLatin1(buf)); // error is ascii according to man ERR_error_string
     }
     return errorString;
 }