diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-02-19 13:21:46 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-03-20 05:10:06 +0000 |
commit | 04f3534815a7b06a0c66989217f11885b96630d8 (patch) | |
tree | 913282c4e8ce78f7f68630e55aebf1e6d8651db4 /src/network | |
parent | 2776d663aa1b7788917b3d3d0bd2817e1c72a947 (diff) |
Make getErrorsFromOpenSSL thread-safe
If we pass nullptr as a buffer parameter, ERR_error_string uses
a local array with static storage duration, which makes ERR_error_string
non thread-safe. Instead we can use ERR_error_string_n with our
own buffer. As for the size: docs are inconsistent, sometimes
they say 'at least 120 bytes long', sometimes 'at least 256 ...'.
Their code (ERR_error_string implenented via call to ERR_error_string_n)
has buf[256] and so we do. I know this will enrage our Mr. Bot, but I've
removed a stray whitespace.
Change-Id: I4b8cc7b6b9af1a34fc87a760927a493332cdd0a5
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 1fc7817fe8..396fe5e148 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -99,12 +99,13 @@ int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() { QString errorString; + char buf[256] = {}; // OpenSSL docs claim both 120 and 256; use the larger. unsigned long errNum; while ((errNum = q_ERR_get_error())) { - if (! errorString.isEmpty()) + if (!errorString.isEmpty()) errorString.append(QLatin1String(", ")); - const char *error = q_ERR_error_string(errNum, NULL); - errorString.append(QString::fromLatin1(error)); // error is ascii according to man ERR_error_string + q_ERR_error_string_n(errNum, buf, sizeof buf); + errorString.append(QString::fromLatin1(buf)); // error is ascii according to man ERR_error_string } return errorString; } |