Ticket #308 (closed defect: wontfix)
possible race condition on static buffer in HMAC-SHA1
| Reported by: | neil | Owned by: | jaymccarthy |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | jaymccarthy/hmac-sha1.plt | Keywords: | |
| Cc: | Version: | (1 1) | |
| Racket Version: | 4.2.5 |
Description
Looks like the way that the "HMAC" C function is used in this code -- using a static buffer on the C side for the result -- presents a race condition, in that some code in another Scheme thread could conceivably stomp on the buffer in between the C call being made through FFI and the result being copied out of the static buffer on the Scheme side.
I thought of a mutex lock in the Scheme side, but two potential problems occurred to me: (1) there still might be other concurrent calls into the shared library from Scheme code that don't use this particular FFI binding; (2) C code in native threads might also inadvisably use the static buffer.
Perhaps passing in a fresh buffer each time is the best solution?
I am actually using this library now, so please advise whether you expect to get a chance to look at this in the next few days or I should clone the code and develop my own fix. Thank you.
