aboutsummaryrefslogtreecommitdiff
path: root/lib/http_ntlm.c
diff options
context:
space:
mode:
authorDavid Benjamin <davidben@google.com>2017-04-17 10:01:40 -0400
committerDaniel Stenberg <daniel@haxx.se>2017-04-17 23:20:30 +0200
commit1c92b5b60957b26819c5f8a9f46412564d4c2cfe (patch)
treedbcab3af39ae6aa5c801698971e23cc4dd40ee79 /lib/http_ntlm.c
parent47b2f89d7c7e1440a344e6e82a9390e0f912d2f8 (diff)
openssl: fix thread-safety bugs in error-handling
ERR_error_string with NULL parameter is not thread-safe. The library writes the string into some static buffer. Two threads doing this at once may clobber each other and run into problems. Switch to ERR_error_string_n which avoids this problem and is explicitly bounds-checked. Also clean up some remnants of OpenSSL 0.9.5 around here. A number of comments (fixed buffer size, explaining that ERR_error_string_n was added in a particular version) date to when ossl_strerror tried to support pre-ERR_error_string_n OpenSSLs. Closes #1424
Diffstat (limited to 'lib/http_ntlm.c')
0 files changed, 0 insertions, 0 deletions