Use local error buffer in readStoreFromBuffer
authorNeel Goyal <ngoyal@fb.com>
Mon, 8 Jan 2018 16:49:37 +0000 (08:49 -0800)
committerFacebook Github Bot <facebook-github-bot@users.noreply.github.com>
Mon, 8 Jan 2018 16:55:38 +0000 (08:55 -0800)
Summary: ERR_error_string will use a static buffer if none is provided.  This is unsafe in threaded envs when we build a string out of it later.  Switch this to use ERR_error_string_n

Reviewed By: yfeldblum, knekritz

Differential Revision: D6664958

fbshipit-source-id: 2071347373ac61ebc28296fa66845cd718172b5e

folly/ssl/OpenSSLCertUtils.cpp

index f07096d..f8274a4 100644 (file)
@@ -260,9 +260,11 @@ X509StoreUniquePtr OpenSSLCertUtils::readStoreFromBuffer(ByteRange certRange) {
       auto err = ERR_get_error();
       if (ERR_GET_LIB(err) != ERR_LIB_X509 ||
           ERR_GET_REASON(err) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+        std::array<char, 256> errBuff;
+        ERR_error_string_n(err, errBuff.data(), errBuff.size());
         throw std::runtime_error(folly::to<std::string>(
             "Could not insert CA certificate into store: ",
-            std::string(ERR_error_string(err, nullptr))));
+            std::string(errBuff.data())));
       }
     }
   }