Fix race for X509 store found by thread sanitizer

[openssl.git] / crypto / bio / bss_conn.c

diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 865a4d4cd429ee134fc4a6a8b02e3aa7d4441bc8..c7a19a553810db70fbc0f376cb30f5c02c059942 100644 (file)
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,7 +110,7 @@ err:
 
 static int conn_state(BIO *b, BIO_CONNECT *c)
 {
-    int ret = -1, i;
+    int ret = -1, i, opts;
     BIO_info_cb *cb = NULL;
 
     if (c->info_callback != NULL)
@@ -188,8 +188,12 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
         case BIO_CONN_S_CONNECT:
             BIO_clear_retry_flags(b);
             ERR_set_mark();
-            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
-                              BIO_SOCK_KEEPALIVE | c->connect_mode);
+
+            opts = c->connect_mode;
+            if (BIO_ADDRINFO_socktype(c->addr_iter) == SOCK_STREAM)
+                opts |= BIO_SOCK_KEEPALIVE;
+
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), opts);
             b->retry_reason = 0;
             if (ret == 0) {
                 if (BIO_sock_should_retry(ret)) {
@@ -347,8 +351,7 @@ static int conn_free(BIO *a)
         return 0;
     data = (BIO_CONNECT *)a->ptr;
 
-    if (data->dgram_bio != NULL)
-        BIO_free(data->dgram_bio);
+    BIO_free(data->dgram_bio);
 
     if (a->shutdown) {
         conn_close_socket(a);
@@ -372,8 +375,12 @@ static int conn_read(BIO *b, char *out, int outl)
             return ret;
     }
 
-    if (data->dgram_bio != NULL)
-        return BIO_read(data->dgram_bio, out, outl);
+    if (data->dgram_bio != NULL) {
+        BIO_clear_retry_flags(b);
+        ret = BIO_read(data->dgram_bio, out, outl);
+        BIO_set_flags(b, BIO_get_retry_flags(data->dgram_bio));
+        return ret;
+    }
 
     if (out != NULL) {
         clear_socket_error();
@@ -406,8 +413,12 @@ static int conn_write(BIO *b, const char *in, int inl)
             return ret;
     }
 
-    if (data->dgram_bio != NULL)
-        return BIO_write(data->dgram_bio, in, inl);
+    if (data->dgram_bio != NULL) {
+        BIO_clear_retry_flags(b);
+        ret = BIO_write(data->dgram_bio, in, inl);
+        BIO_set_flags(b, BIO_get_retry_flags(data->dgram_bio));
+        return ret;
+    }
 
     clear_socket_error();
 # ifndef OPENSSL_NO_KTLS
@@ -571,6 +582,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         break;
     case BIO_CTRL_DGRAM_GET_PEER:
+    case BIO_CTRL_DGRAM_DETECT_PEER_ADDR:
         if (data->state != BIO_CONN_S_OK)
             conn_state(b, data); /* best effort */
 
@@ -610,6 +622,10 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
             data->connect_mode |= BIO_SOCK_NONBLOCK;
         else
             data->connect_mode &= ~BIO_SOCK_NONBLOCK;
+
+        if (data->dgram_bio != NULL)
+            ret = BIO_set_nbio(data->dgram_bio, num);
+
         break;
 #if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
     case BIO_C_SET_TFO: