From 9d4a036bb437c1a5a7de4b73425073ea3e0d2987 Mon Sep 17 00:00:00 2001
From: "Stanislav Kobziev (GitHub)" <43001407+SKobziev@users.noreply.github.com>
Date: Tue, 11 Feb 2020 17:49:54 +0200
Subject: Prevent creation of SSL context during certificate updating (#2777)
* Prevent creation of SSL context during certificate updating
Added sync primitive into CryptoManagerImpl as class member and added lock into OnCertificateUpdated, CreateSSLContext methods for preventing race conditions
* fixup! Prevent creation of SSL context during certificate updating
Co-authored-by: Yevhenii Dementieiev (GitHub) <57259850+ydementieiev@users.noreply.github.com>
---
 .../security_manager/include/security_manager/crypto_manager_impl.h | 1 +
 src/components/security_manager/src/crypto_manager_impl.cc | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 46fd1a5995..42abe6e3b6 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -206,6 +206,7 @@ class CryptoManagerImpl : public CryptoManager {
 SSL_CTX* context_;
 static uint32_t instance_count_;
 static sync_primitives::Lock instance_lock_;
+ sync_primitives::Lock crypto_manager_lock_;
 DISALLOW_COPY_AND_ASSIGN(CryptoManagerImpl);
 };
 } // namespace security_manager
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index cb42d5b46c..48b3119bec 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
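Review bot: The new member `crypto_manager_lock_` in crypto_manager_impl.h is declared without a comment saying which state it protects. It is a per-instance lock placed directly after the static `instance_lock_`, so a reader cannot tell from the declaration that it is meant to guard `context_`. I would add a comment above it such as `// Guards context_: serializes OnCertificateUpdated() against CreateSSLContext()`.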
@@ -283,6 +283,7 @@ bool CryptoManagerImpl::Init() {
 bool CryptoManagerImpl::OnCertificateUpdated(const std::string& data) {
 LOG4CXX_AUTO_TRACE(logger_);
+ sync_primitives::AutoLock lock(crypto_manager_lock_);
 if (!context_) {
 LOG4CXX_WARN(logger_, "Not initialized");
 return false;
@@ -307,6 +308,8 @@ bool CryptoManagerImpl::OnCertificateUpdated(const std::string& data) {
 }
 SSLContext* CryptoManagerImpl::CreateSSLContext() {
+ LOG4CXX_AUTO_TRACE(logger_);
+ sync_primitives::AutoLock lock(crypto_manager_lock_);
 if (NULL == context_) {
 return NULL;
 }
-- cgit v1.2.1
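Review bot: The lock added at the top of OnCertificateUpdated() only closes the race if every other reader and writer of `context_` takes it too, and this commit adds it to just two functions (the diffstat shows three inserted lines in this file, all in OnCertificateUpdated and CreateSSLContext). Init(), named in this hunk's header, is not touched; if it or any other member frees or replaces `context_` (not visible here), CreateSSLContext() can still run against a context that is being changed underneath it. Each such member should open with the same `sync_primitives::AutoLock lock(crypto_manager_lock_);`. The body of OnCertificateUpdated continues outside the hunk.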
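Review bot: Taking `crypto_manager_lock_` at the top of CreateSSLContext() makes the function unsafe to call from a path that already holds that lock, for example from inside OnCertificateUpdated(), whose body between the two hunks is not visible. If `sync_primitives::Lock` is not recursive, such a call would block on itself. The constraint should be stated on the declaration, e.g. `// Acquires crypto_manager_lock_; must not be called while it is held`. The rest of CreateSSLContext lies outside the hunk.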