From 0929ae07074c03926ab438be732e91ea52a37e04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Tue, 19 Dec 2023 14:54:04 -0500
Subject: [PATCH] Fix locking for JS TLS connections

Also, expand the lock in websrvr to the correct scope.
---
 src/sbbs3/js_socket.c | 7 +++++--
 src/sbbs3/websrvr.c | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/sbbs3/js_socket.c b/src/sbbs3/js_socket.c
index 4d7a209f8d..b3cbf07c61 100644
--- a/src/sbbs3/js_socket.c
+++ b/src/sbbs3/js_socket.c
@@ -2369,8 +2369,10 @@ static JSBool js_socket_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict
 }
 }
 lock_ssl_cert();
- if (scfg->tls_certificate == -1)
+ if (scfg->tls_certificate == -1) {
+ unlock_ssl_cert();
 ret = CRYPT_ERROR_NOTAVAIL;
+ }
 else {
 ret = cryptSetAttribute(p->session, CRYPT_SESSINFO_PRIVATEKEY, scfg->tls_certificate);
 if (ret != CRYPT_OK) {
@@ -2384,7 +2386,8 @@ static JSBool js_socket_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict
 if((ret=do_cryptAttribute(p->session, CRYPT_SESSINFO_ACTIVE, 1))!=CRYPT_OK) {
 GCES(ret, p, estr, "setting session active");
 }
- unlock_ssl_cert();
+ if (tiny != SOCK_PROP_SSL_SESSION)
+ unlock_ssl_cert();
 }
 }
 }
diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index a325e31800..4c96b544e7 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -7243,10 +7243,10 @@ void web_server(void* arg)
 do_cryptInit(); // Must be called by someone before lock_ssl_cert()
 lock_ssl_cert();
 if(scfg.tls_certificate != -1) {
- unlock_ssl_cert();
 // Init was already called or tls_certificate would be -1...
 if(do_cryptInit())
 xpms_add_list(ws_set, PF_UNSPEC, SOCK_STREAM, 0, startup->tls_interfaces, startup->tls_port, "Secure Web Server", open_socket, startup->seteuid, "TLS");
+ unlock_ssl_cert();
 }
 else {
 unlock_ssl_cert();
-- 
GitLab
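Review bot: The certificate lock taken at `lock_ssl_cert();` in js_socket_set is now released at two separate sites, the new early `unlock_ssl_cert();` in the `tls_certificate == -1` branch and the new `if (tiny != SOCK_PROP_SSL_SESSION) unlock_ssl_cert();` in the second js_socket.c hunk, and the lines between the two hunks are not shown, so exactly-once release cannot be confirmed from here. If the `-1` path can still fall through to the second site with a non-session `tiny`, the lock would be released twice; if the `ret != CRYPT_OK` path leaves early, it may stay held. Using `tiny` as a stand-in for "this call took the lock" is fragile. An explicit flag would make the pairing checkable: set `cert_locked = true;` right after the lock, clear it at the early unlock, and end with `if (cert_locked) unlock_ssl_cert();`. The function body starts and ends outside both hunks.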
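Review bot: With `unlock_ssl_cert();` moved below `xpms_add_list(...)`, the certificate lock in web_server is now held across both `do_cryptInit()` and the TLS listener setup, and nothing in the hunk says what the lock protects there, since neither call visibly reads `scfg.tls_certificate`. Two things are worth confirming outside the hunk. First, that `do_cryptInit()` never acquires the certificate lock itself, given the comment above says it must run before `lock_ssl_cert()`. Second, that `xpms_add_list()` cannot block for long while opening sockets, because any other thread waiting on the lock would stall behind it. A comment on the `if` stating the invariant would help, for example `/* keep the cert locked so it cannot change while the TLS listeners are added */`, if that is the intent; web_server's body continues outside the hunk.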