From 5eda66501c6a6f2194b1a15a2f7f0e0625d86197 Mon Sep 17 00:00:00 2001
From: Neel Goyal <ngoyal@fb.com>
Date: Mon, 8 Jan 2018 08:49:37 -0800
Subject: [PATCH 1/1] Use local error buffer in readStoreFromBuffer

Summary: ERR_error_string will use a static buffer if none is provided.  This is unsafe in threaded envs when we build a string out of it later.  Switch this to use ERR_error_string_n

Reviewed By: yfeldblum, knekritz

Differential Revision: D6664958

fbshipit-source-id: 2071347373ac61ebc28296fa66845cd718172b5e
---
 folly/ssl/OpenSSLCertUtils.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/folly/ssl/OpenSSLCertUtils.cpp b/folly/ssl/OpenSSLCertUtils.cpp
index f07096d2..f8274a44 100644
--- a/folly/ssl/OpenSSLCertUtils.cpp
+++ b/folly/ssl/OpenSSLCertUtils.cpp
@@ -260,9 +260,11 @@ X509StoreUniquePtr OpenSSLCertUtils::readStoreFromBuffer(ByteRange certRange) {
       auto err = ERR_get_error();
       if (ERR_GET_LIB(err) != ERR_LIB_X509 ||
           ERR_GET_REASON(err) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+        std::array<char, 256> errBuff;
+        ERR_error_string_n(err, errBuff.data(), errBuff.size());
         throw std::runtime_error(folly::to<std::string>(
             "Could not insert CA certificate into store: ",
-            std::string(ERR_error_string(err, nullptr))));
+            std::string(errBuff.data())));
       }
     }
   }
-- 
2.34.1