1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QMessageAuthenticationCode: fix result() non-re-entrancy

Browse Source 
While QMessageAuthenticationCode is not copyable, result() is
nevertheless const, so a user could prepare a
QMessageAuthenticationCode object with setKey() and addData(), pass it
by const reference to two threads, which each just call result() on
it. This should be safe, but because result() performed lazy
evaluation without being internally synchronized, this would cause
data races.

Fix in the same was as b904de43a5acfc4067fc9e4146babd45c6ac1138 did
for QCryptographicHash. See there for a detailed discussion of the
solution.

Fixes: QTBUG-111347
Change-Id: I1feb380973c480ad6268349a0a46ac471b9ca0f7
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: David Faure <david.faure@kdab.com>
(cherry picked from commit 2449af142fa3d8ccb114262e994f308043ef6d70)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Marc Mutz 2023-02-21 09:21:29 +01:00 committed by Qt Cherry-pick Bot
parent e206e50d63
commit f28275617f
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/corelib/tools/qmessageauthenticationcode.cpp
View File

@ -1,8 +1,11 @@
// Copyright (C) 2023 The Qt Company Ltd.
// Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru> // Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru>
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
#include "qmessageauthenticationcode.h" #include "qmessageauthenticationcode.h"
#include "qvarlengtharray.h" #include "qvarlengtharray.h"
#include "qmutex.h"
#include "private/qlocking_p.h"
#include "qtcore-config_p.h" #include "qtcore-config_p.h"
@ -70,6 +73,7 @@ public:
QByteArray key; QByteArray key;
QByteArray result; QByteArray result;
QBasicMutex finalizeMutex;
QCryptographicHash messageHash; QCryptographicHash messageHash;
QCryptographicHash::Algorithm method; QCryptographicHash::Algorithm method;
bool messageHashInited; bool messageHashInited;
@ -77,7 +81,10 @@ public:
void initMessageHash(); void initMessageHash();
void finalize(); void finalize();
// when not called from the static hash() function, this function needs to be
// called with finalizeMutex held:
void finalizeUnchecked(); void finalizeUnchecked();
// END functions that need to be called with finalizeMutex held
}; };
void QMessageAuthenticationCodePrivate::initMessageHash() void QMessageAuthenticationCodePrivate::initMessageHash()
@ -217,6 +224,7 @@ QByteArray QMessageAuthenticationCode::result() const
void QMessageAuthenticationCodePrivate::finalize() void QMessageAuthenticationCodePrivate::finalize()
{ {
const auto lock = qt_scoped_lock(finalizeMutex);
if (!result.isEmpty()) if (!result.isEmpty())
return; return;
initMessageHash(); initMessageHash();