named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.
https://ndn-lite.named-data.net
GNU Lesser General Public License v3.0

ndn_sig_verifier_verify_data is not reentrant #68

Open yoursunny opened 4 years ago

yoursunny commented 4 years ago

The function writes into a global variable m_userdata. Consequently, if the application invokes ndn_sig_verifier_verify_data with a new Data packet before the previous validation has completed, undefined behavior may occur.

https://github.com/named-data-iot/ndn-lite/blob/6d433acd9b32f6116670ca720025490c38a3e2f8/app-support/ndn-sig-verifier.c#L30-L32
https://github.com/named-data-iot/ndn-lite/blob/6d433acd9b32f6116670ca720025490c38a3e2f8/app-support/ndn-sig-verifier.c#L330-L333

To solve this issue:

  1. Introduce a ndn_sig_verifier_verify_data_r function that accepts a context argument to carry per-validation state, to be used in place of the global variable(s). The calling application is responsible for allocating memory (either statically or dynamically) for the context struct.
  2. Implement ndn_sig_verifier_verify_data as a wrapper of ndn_sig_verifier_verify_data that uses a global variable or a function-scope static variable as context.
  3. Update the documentation of ndn_sig_verifier_verify_data to note the non-reentrancy limitation.
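
A simplified model of the problem and of the context-based fix proposed in the issue above, added here as an illustration; it is not ndn-lite code. All names (verify_ctx_t, verify_start_r, verify_complete_r, record) are hypothetical, and the deferred completion step stands in for whatever the real verifier waits on.

```c
typedef void (*on_result_t)(void *userdata, int ok);

/* Hypothetical per-validation context; the caller owns the storage. */
typedef struct {
  on_result_t cb;
  void *userdata;
  int pending;
} verify_ctx_t;

/* Reentrant form: all state for one validation lives in *ctx. */
void verify_start_r(verify_ctx_t *ctx, on_result_t cb, void *userdata) {
  ctx->cb = cb;
  ctx->userdata = userdata;
  ctx->pending = 1;
}

/* Stand-in for the deferred step that finishes a validation later. */
void verify_complete_r(verify_ctx_t *ctx, int ok) {
  if (!ctx->pending) return;
  ctx->pending = 0;
  ctx->cb(ctx->userdata, ok);
}

/* Non-reentrant wrapper: one shared slot for every validation. */
static verify_ctx_t g_ctx;
void verify_start(on_result_t cb, void *userdata) { verify_start_r(&g_ctx, cb, userdata); }
void verify_complete(int ok) { verify_complete_r(&g_ctx, ok); }

/* Callback: store the verdict (1 valid, -1 invalid) in the caller's slot. */
static void record(void *userdata, int ok) { *(int *)userdata = ok ? 1 : -1; }

/* Constructed case: packet A is valid, packet B is invalid, and both
 * validations are started before either one completes. */
void demo_shared(int *a, int *b) {
  *a = *b = 0;
  verify_start(record, a);
  verify_start(record, b);   /* overwrites A's callback state */
  verify_complete(1);        /* A's "valid" verdict is delivered to B */
  verify_complete(0);        /* B's verdict is dropped: slot not pending */
}

void demo_reentrant(int *a, int *b) {
  verify_ctx_t ca, cb;       /* one context per in-flight validation */
  *a = *b = 0;
  verify_start_r(&ca, record, a);
  verify_start_r(&cb, record, b);
  verify_complete_r(&ca, 1);
  verify_complete_r(&cb, 0);
}
```

In this model the shared slot leaves A without any verdict and reports the invalid packet B as valid, while the per-call contexts deliver each verdict to its own packet.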