Skip to content

Commit

Permalink
Bug 1287711 - Make writes to SSLKEYLOGFILE thread-safe, r=mt
Browse files Browse the repository at this point in the history 
Protect writes to the keylog file with a lock.

Differential Revision: https://phabricator.services.mozilla.com/D86

--HG--
extra : amend_source : 7fabe73fa519d188515d34eb87cb41694cc71dce
  • Loading branch information
@martinthomson
martinthomson committed Oct 3, 2017
1 parent 7e8450f commit a4f7719
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 3 deletions.
7 changes: 4 additions & 3 deletions lib/ssl/ssl3con.c
View file
Expand Up @@ -11196,9 +11196,10 @@ ssl3_RecordKeyLog(sslSocket *ss, const char *label, PK11SymKey *secret)

PORT_Assert(offset == len);

if (fwrite(buf, len, 1, ssl_keylog_iob) != 1)
return;
fflush(ssl_keylog_iob);
PZ_Lock(ssl_keylog_lock);
if (fwrite(buf, len, 1, ssl_keylog_iob) == 1)
fflush(ssl_keylog_iob);
PZ_Unlock(ssl_keylog_lock);
#endif
}

Expand Down
1 change: 1 addition & 0 deletions lib/ssl/sslimpl.h
View file
Expand Up @@ -1243,6 +1243,7 @@ extern char ssl_debug;
extern char ssl_trace;
extern FILE *ssl_trace_iob;
extern FILE *ssl_keylog_iob;
extern PZLock *ssl_keylog_lock;
extern PRUint32 ssl3_sid_timeout;
extern PRUint32 ssl_ticket_lifetime;
extern PRUint32 ssl_max_early_data_size;
Expand Down
7 changes: 7 additions & 0 deletions lib/ssl/sslsock.c
View file
Expand Up @@ -124,6 +124,7 @@ FILE *ssl_trace_iob;

#ifdef NSS_ALLOW_SSLKEYLOGFILE
FILE *ssl_keylog_iob;
PZLock *ssl_keylog_lock;
#endif

char lockStatus[] = "Locks are ENABLED. ";
Expand Down Expand Up @@ -3544,6 +3545,12 @@ ssl_SetDefaultsFromEnvironment(void)
ssl_keylog_iob);
}
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
ssl_keylog_lock = PR_NewLock();
if (!ssl_keylog_lock) {
SSL_TRACE(("SSL: failed to create key log lock"));
fclose(ssl_keylog_iob);
ssl_keylog_iob = NULL;
}
}
}
#endif
Expand Down

0 comments on commit a4f7719

Please sign in to comment.