diff options
author | David Benjamin <davidben@google.com> | 2017-04-17 10:01:40 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-04-17 23:20:30 +0200 |
commit | 1c92b5b60957b26819c5f8a9f46412564d4c2cfe (patch) | |
tree | dbcab3af39ae6aa5c801698971e23cc4dd40ee79 /lib/http_ntlm.c | |
parent | 47b2f89d7c7e1440a344e6e82a9390e0f912d2f8 (diff) |
openssl: fix thread-safety bugs in error-handling
ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.
Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.
Closes #1424
Diffstat (limited to 'lib/http_ntlm.c')
0 files changed, 0 insertions, 0 deletions