The function `ERR_error_string` can be invoked without providing a buffer, in which case OpenSSL will simply return a string printed into a static buffer. Obviously and as documented in ERR_error_string(3), this is not thread-safe at all. As libgit2 is a library, though, it is easily possible that other threads may be using OpenSSL at the same time, which might lead to clobbered error strings. Fix the issue by instead using a stack-allocated buffer. According to the documentation, the caller has to provide a buffer of at least 256 bytes of size. While we do so, make sure that the buffer will never get overflown by switching to `ERR_error_string_n` to specify the buffer's size.
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
curl.c | Loading commit data... | |
curl.h | Loading commit data... | |
openssl.c | Loading commit data... | |
openssl.h | Loading commit data... | |
socket.c | Loading commit data... | |
socket.h | Loading commit data... | |
stransport.c | Loading commit data... | |
stransport.h | Loading commit data... | |
tls.c | Loading commit data... | |
tls.h | Loading commit data... |