Fix thread-safety issue in debug.c
diff --git a/ChangeLog b/ChangeLog
index d2328b6..626b141 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
* Increase the minimum size of Diffie-Hellman parameters accepted by the
lient to 1024 bits, to protect against Logjam attack.
+Bugfix
+ * Fix thread-safety issue in the SSL debug module.
+
Changes
* Add SSL_MIN_DHM_BYTES configuration parameter in config.h to choose the
minimum size of Diffie-Hellman parameters accepted by the client.
diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index 7032fb6..d87690a 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -30,7 +30,7 @@
#if defined(POLARSSL_DEBUG_C)
#define SSL_DEBUG_MSG( level, args ) \
- debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
+ debug_print_msg_free( ssl, level, __FILE__, __LINE__, debug_fmt args );
#define SSL_DEBUG_RET( level, text, ret ) \
debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
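Review bot: With this macro every SSL_DEBUG_MSG call site now performs a malloc(), a vsnprintf() and a free() before `level` is looked at, because `debug_fmt args` is evaluated as an argument and debug_print_msg_free() only tests `text != NULL`. If the level filtering lives in debug_print_msg(), whose body is outside this diff, the allocation is paid even for messages that are then discarded. It would be worth checking the level before formatting, or at least noting in a comment above the macro that each use allocates.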
@@ -60,6 +60,9 @@
char *debug_fmt( const char *format, ... );
+void debug_print_msg_free( const ssl_context *ssl, int level,
+ const char *file, int line, char *text );
+
void debug_print_msg( const ssl_context *ssl, int level,
const char *file, int line, const char *text );
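Review bot: The new debug_print_msg_free() declaration has no comment saying that it takes ownership of `text` and frees it, and debug_fmt() just above it now returns heap memory without saying so. Since debug_fmt() stays declared in this header, any caller that uses it outside SSL_DEBUG_MSG would now leak a 512-byte buffer per call. A short comment on each declaration would cover it, e.g. `/* Returns a malloc()ed string or NULL; the caller must free() it */` on debug_fmt and `/* Prints text if non-NULL, then free()s it */` on debug_print_msg_free.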
diff --git a/library/debug.c b/library/debug.c
index 77cd77d..fbab1c0 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -37,20 +37,33 @@
#define vsnprintf _vsnprintf
#endif
+#define DEBUG_BUF_SIZE 512
+
char *debug_fmt( const char *format, ... )
{
va_list argp;
- static char str[512];
- int maxlen = sizeof( str ) - 1;
+ char *str = malloc( DEBUG_BUF_SIZE );
+
+ if( str == NULL )
+ return( NULL );
va_start( argp, format );
- vsnprintf( str, maxlen, format, argp );
+ vsnprintf( str, DEBUG_BUF_SIZE - 1, format, argp );
va_end( argp );
- str[maxlen] = '\0';
+ str[DEBUG_BUF_SIZE - 1] = '\0';
return( str );
}
+void debug_print_msg_free( const ssl_context *ssl, int level,
+ const char *file, int line, char *text )
+{
+ if( text != NULL )
+ debug_print_msg( ssl, level, file, line, text );
+
+ free( text );
+}
+
void debug_print_msg( const ssl_context *ssl, int level,
const char *file, int line, const char *text )
{
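Review bot: In debug_fmt the buffer now comes from malloc() and is terminated only at its last byte, so if vsnprintf() fails before writing anything (a negative return), debug_print_msg() would print whatever the heap block previously held; the old static array at least started out zeroed. Adding `str[0] = '\0';` right after the NULL check, or checking the vsnprintf() return value, keeps stale heap contents out of the debug output. The hunk also calls malloc()/free() directly; if this file is expected to go through the library's platform allocation layer, those calls should use it instead. The includes are outside the hunk, so that part needs confirming.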