search

veraison / go-cose

go library for CBOR Object Signing and Encryption (COSE)
Mozilla Public License 2.0
50 stars 26 forks source link

Guard against race conditions in RegisterAlgorithm #62

Closed qmuntal closed 2 years ago

qmuntal commented 2 years ago

NCC Group reported a race condition in RegisterAlgorithm:

The registration is performed through a global map. There is no mutex protection: concurrent accesses from several distinct threads (“goroutines”) may lead to adverse effects, including multiple registration of an algorithm, apparent removal of an existing registration, or a panic due to an out-of-bounds memory access is expected to apply its own locking to ensure that no other thread may access the library (including for merely verifying a signature) while any thread is performing a registration; however, this aspect is entirely undocumented

This PR fix the race condition.

@SteveLasker @shizhMSFT

SteveLasker commented 2 years ago

@qmuntal, can you fix the merge conflict from the other pr that just merged?

qmuntal commented 2 years ago

@qmuntal, can you fix the merge conflict from the other pr that just merged?

Done!