crypto/tls: Add mutex to protect KeyLogWriter

Concurrent use of tls.Config is allowed, and may lead to KeyLogWriter being written to concurrently. Without a mutex to protect it, corrupted output may occur. A mutex is added for correctness. The mutex is made global to save size of the config struct as KeyLogWriter is rarely enabled. Related to #13057. Change-Id: I5ee55b6d8b43a191ec21f06e2aaae5002a71daef Reviewed-on: https://go-review.googlesource.com/29016 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2024-09-30 03:24:39 -06:00 · 2016-09-10 22:07:33 +03:00 · 2016-09-10 22:07:33 +03:00 · f30598dd71
commit f30598dd71
parent c564aebce9
1 changed files with 6 additions and 0 deletions
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@ -643,10 +643,16 @@ func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error {
 	if c.KeyLogWriter == nil {
 		return nil
 	}
+	writerMutex.Lock()
 	_, err := fmt.Fprintf(c.KeyLogWriter, "CLIENT_RANDOM %x %x\n", clientRandom, masterSecret)
+	writerMutex.Unlock()
 	return err
 }

+// writerMutex protects all KeyLogWriters globally. It is rarely enabled,
+// and is only for debugging, so a global mutex saves space.
+var writerMutex sync.Mutex
+
 // A Certificate is a chain of one or more certificates, leaf first.
 type Certificate struct {
 	Certificate [][]byte