Fix data race in SSLCertContext copy & assignment #13227

Open: AceMeistr wants to merge 1 commit into apache:master from AceMeistr:master

@AceMeistr

Resolve concurrent read/write data races by using std::scoped_lock in operator= and locking other.ctx_mutex at the start of the copy constructor.

  1. Replaced the manual lock definition and sequence with std::scoped_lock
  2. Pushed lock guard to beginning to avoid source mutation during read to avoid data race by threads

ISSUE #13225

Resolve concurrent read/write data races by using std::scoped_lock in operator= and locking other.ctx_mutex at the start of the copy constructor.
@AceMeistr AceMeistr marked this pull request as draft June 3, 2026 18:09
@AceMeistr AceMeistr marked this pull request as ready for review June 3, 2026 18:09
@bryancall bryancall requested a review from Copilot June 8, 2026 22:37
@bryancall bryancall added the TLS label Jun 8, 2026
@bryancall bryancall added this to the 11.0.0 milestone Jun 8, 2026

Copilot AI left a comment

Pull request overview

This PR addresses a concurrency bug in the TLS certificate context container (SSLCertContext) by ensuring its shared SSL_CTX state is consistently protected during copy construction and copy assignment, eliminating a concurrent read/write data race described in issue #13225.

Changes:

  • Lock other.ctx_mutex at the beginning of SSLCertContext copy construction to prevent concurrent mutation while copying.
  • Use std::scoped_lock in SSLCertContext::operator= to acquire both this->ctx_mutex and other.ctx_mutex in a deadlock-safe way before copying fields.
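
As an added example (not part of the pull request and not Traffic Server code), here is the locking pattern discussed in this thread applied to a hypothetical stand-in class. `CertHolder`, the `int` payload standing in for the `SSL_CTX` handle, the self-assignment guard and `stress()` are assumptions of this sketch; it requires C++17.

```cpp
// Added illustration: CertHolder is a hypothetical stand-in, not the SSLCertContext source.
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

class CertHolder {
public:
  explicit CertHolder(int id) : ctx(std::make_shared<int>(id)) {}
  // Lock the source first; reading other.ctx in the initializer list would precede the lock.
  CertHolder(const CertHolder &other) {
    std::lock_guard<std::mutex> lock(other.ctx_mutex);
    ctx = other.ctx;
  }
  CertHolder &operator=(const CertHolder &other) {
    if (this != &other) { // scoped_lock on the same mutex twice would be undefined behaviour
      // Both mutexes are taken with deadlock avoidance, so a = b and b = a can run concurrently.
      std::scoped_lock lock(ctx_mutex, other.ctx_mutex);
      ctx = other.ctx;
    }
    return *this;
  }
  std::shared_ptr<int> getCtx() const { std::lock_guard<std::mutex> l(ctx_mutex); return ctx; }
  void setCtx(std::shared_ptr<int> c) { std::lock_guard<std::mutex> l(ctx_mutex); ctx.swap(c); }
private:
  mutable std::mutex ctx_mutex; // mutable so const sources can be locked while copied
  std::shared_ptr<int> ctx;
};

// Constructed stress case: cross-assignment plus concurrent setCtx/getCtx on the same objects.
int stress(int rounds) {
  CertHolder a(1), b(2);
  std::vector<std::thread> t;
  t.emplace_back([&] { for (int i = 0; i < rounds; ++i) a = b; });
  t.emplace_back([&] { for (int i = 0; i < rounds; ++i) b = a; });
  t.emplace_back([&] { for (int i = 0; i < rounds; ++i) a.setCtx(std::make_shared<int>(1)); });
  t.emplace_back([&] { for (int i = 0; i < rounds; ++i) (void)b.getCtx(); });
  for (auto &th : t) th.join();
  int v = *a.getCtx();
  return (v == 1 || v == 2) ? 0 : 1; // 0 when the final handle is one of the valid ones
}

int main() { return stress(10000); }
```

Building this with ThreadSanitizer (`-fsanitize=thread`) and then removing the lock from `operator=` is a quick way to see the kind of report the linked issue describes.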

Successfully merging this pull request may close these issues.

SSLCertContext::operator= writes ctx without holding this->ctx_mutex (data race with concurrent getCtx/setCtx)
