From 6a7bbe0159c3d92368d674cea9cf3057784ba848 Mon Sep 17 00:00:00 2001 From: Vadim ProductEngine Date: Tue, 9 Aug 2011 22:47:19 +0300 Subject: STORM-1546 FIXED Fixed a crash caused by a race condition in LLRefCount. Reason: secapiSSLCertVerifyCallback() seems to be called simultaneously by multiple threads, which causes a race condition in LLRefCount::ref/unref() methods. The reference counter in LLSecAPIBasicHandler::mStore goes to zero, and the object gets destroyed. Fix: Derive LLCertificateStore from LLThreadSafeRefCount instead of LLRefCount, which should fix the race condition. Note: The LLThreadSafeRefCount constructor is private, so we have to wrap instances of the class with LLPointer. --- indra/newview/llsechandler_basic.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'indra/newview/llsechandler_basic.cpp') diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 90e8ff0aae..904bb03270 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -1209,12 +1209,12 @@ void LLSecAPIBasicHandler::init() // with the product std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); llinfos << "app path " << ca_file_path << llendl; - LLBasicCertificateStore app_ca_store = LLBasicCertificateStore(ca_file_path); + LLPointer app_ca_store = new LLBasicCertificateStore(ca_file_path); // push the applicate CA files into the store, therefore adding any new CA certs that // updated - for(LLCertificateVector::iterator i = app_ca_store.begin(); - i != app_ca_store.end(); + for(LLCertificateVector::iterator i = app_ca_store->begin(); + i != app_ca_store->end(); i++) { mStore->add(*i); -- cgit v1.2.3 From c7141025c85ebabc0447a7d7c6f580c2e6c47f74 Mon Sep 17 00:00:00 2001 From: Aaron Stone Date: Tue, 23 Aug 2011 14:45:42 -0700 Subject: Respect --no-verify-ssl-cert option. --- indra/newview/llsechandler_basic.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'indra/newview/llsechandler_basic.cpp') diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 904bb03270..8d64c8c04f 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -1005,6 +1005,8 @@ void LLBasicCertificateStore::validate(int validation_policy, LLPointer cert_chain, const LLSD& validation_params) { + // If --no-verify-ssl-cert was passed on the command line, stop right now. + if (gSavedSettings.getBOOL("NoVerifySSLCert")) return; if(cert_chain->size() < 1) { -- cgit v1.2.3