commit 6c3ccf5fd030e4c48c103e9175a13752bc64cb01
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 29 14:57:45 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 29 18:52:57 2015 +0200
tree bfe57636f44815129c2ee22502f7d8796a4670f6
parent 8e8ae3d9617451f9f338b7b22cf8ec55192bf108

Fix thread-safety issue in debug.c

Closes #203

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index c67b358..a206690 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.12 released 2015-07-??
+
+Bugfix
+   * Fix thread-safety issue in SSL debug module (found by Edwin van Vliet).
+
 = mbed TLS 1.3.11 released 2015-06-04
 
 Security

include/polarssl/debug.h

diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index fcf1490..2dd89a2 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -57,7 +57,7 @@
 
 
 #define SSL_DEBUG_MSG( level, args )                    \
-    debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
+    debug_print_msg_free( ssl, level, __FILE__, __LINE__, debug_fmt args );
 
 #define SSL_DEBUG_RET( level, text, ret )                \
     debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
@@ -115,6 +115,9 @@
 
 char *debug_fmt( const char *format, ... );
 
+void debug_print_msg_free( const ssl_context *ssl, int level,
+                           const char *file, int line, char *text );
+
 void debug_print_msg( const ssl_context *ssl, int level,
                       const char *file, int line, const char *text );
 

library/debug.c

diff --git a/library/debug.c b/library/debug.c
index 825cc94..753fc0f 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -47,9 +47,13 @@
 #if defined(POLARSSL_PLATFORM_C)
 #include "polarssl/platform.h"
 #else
-#define polarssl_snprintf snprintf
+#define polarssl_snprintf   snprintf
+#define polarssl_malloc     malloc
+#define polarssl_free       free
 #endif
 
+#define DEBUG_BUF_SIZE  512
+
 static int debug_log_mode = POLARSSL_DEBUG_DFL_MODE;
 static int debug_threshold = 0;
 
@@ -66,17 +70,28 @@
 char *debug_fmt( const char *format, ... )
 {
     va_list argp;
-    static char str[512];
-    int maxlen = sizeof( str ) - 1;
+    char *str = polarssl_malloc( DEBUG_BUF_SIZE );
+
+    if( str == NULL )
+        return;
 
     va_start( argp, format );
-    vsnprintf( str, maxlen, format, argp );
+    vsnprintf( str, DEBUG_BUF_SIZE - 1, format, argp );
     va_end( argp );
 
-    str[maxlen] = '\0';
+    str[DEBUG_BUF_SIZE - 1] = '\0';
     return( str );
 }
 
+void debug_print_msg_free( const ssl_context *ssl, int level,
+                           const char *file, int line, char *text )
+{
+    if( text != NULL )
+        debug_print_msg( ssl, level, file, line, text );
+
+    polarssl_free( text );
+}
+
 void debug_print_msg( const ssl_context *ssl, int level,
                       const char *file, int line, const char *text )
 {

tests/suites/test_suite_debug.function

diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 7db04e5..df34010 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -44,8 +44,8 @@
     debug_set_threshold( threshold );
     ssl_set_dbg(&ssl, string_debug, &buffer);
 
-    debug_print_msg( &ssl, level, file, line,
-                     debug_fmt("Text message, 2 == %d", 2 ) );
+    debug_print_msg_free( &ssl, level, file, line,
+                          debug_fmt("Text message, 2 == %d", 2 ) );
 
     TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
 }