From a4da85eed62ae9c6dda0d3b07b2432b34d73d616 Mon Sep 17 00:00:00 2001
From: Andrey Ermolov
Date: Wed, 4 Oct 2023 02:41:59 +0000
Subject: [PATCH] Data race fix

---
 security/advancedtls/crl_provider.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/security/advancedtls/crl_provider.go b/security/advancedtls/crl_provider.go
index 103ff8b11..f128df807 100644
--- a/security/advancedtls/crl_provider.go
+++ b/security/advancedtls/crl_provider.go
@@ -23,6 +23,7 @@ import (
 "crypto/x509"
 "fmt"
 "os"
+ "sync"
 "time"
 )
 
@@ -78,8 +79,7 @@ func (p *StaticCRLProvider) addCRL(crl *CRL) {
 
 // CRL returns CRL struct if it was previously loaded by calling AddCRL.
 func (p *StaticCRLProvider) CRL(cert *x509.Certificate) (*CRL, error) {
- key := cert.Issuer.ToRDNSequence().String()
- return p.crls[key], nil
+ return p.crls[cert.Issuer.ToRDNSequence().String()], nil
 }
 
 // Options represents a data structure holding a
@@ -95,6 +95,7 @@ type Options struct {
 type FileWatcherCRLProvider struct {
 crls map[string]*CRL
 opts Options
+ mu sync.Mutex
 cancel context.CancelFunc
 }
 
@@ -225,6 +226,8 @@ func (p *FileWatcherCRLProvider) addCRL(filePath string) error {
 }
 certList.RawIssuer = rawCRLIssuer
 key := certList.CertList.Issuer.ToRDNSequence().String()
+ p.mu.Lock()
+ defer p.mu.Unlock()
 p.crls[key] = certList
 grpclogLogger.Infof("In-memory CRL storage of FileWatcherCRLProvider for key %v updated", key)
 return nil
@@ -233,6 +236,7 @@ func (p *FileWatcherCRLProvider) addCRL(filePath string) error {
 // CRL retrieves the CRL associated with the given certificate's issuer DN from
 // in-memory if it was previously loaded during CRLDirectory scan.
 func (p *FileWatcherCRLProvider) CRL(cert *x509.Certificate) (*CRL, error) {
- key := cert.Issuer.ToRDNSequence().String()
- return p.crls[key], nil
+ p.mu.Lock()
+ defer p.mu.Unlock()
+ return p.crls[cert.Issuer.ToRDNSequence().String()], nil
 }
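Review bot: The doc comment on StaticCRLProvider.CRL does not say what a caller gets when no CRL was loaded for the certificate's issuer: the map lookup yields `(nil, nil)`, so an absent CRL looks like a successful call unless the caller checks for nil. Because the result feeds a revocation decision, I would state it in the comment, e.g. `// CRL returns (nil, nil) when no CRL is stored for the issuer of cert; the caller decides how to treat that.` The same applies to FileWatcherCRLProvider.CRL in the last hunk. This lookup also stays unlocked, which is safe only if the static provider's map is never written after construction; that is not visible in this patch.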
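Review bot: The new `mu` field in FileWatcherCRLProvider carries no comment saying what it protects; judging by the two methods changed in this patch it guards `crls`, so I would put it directly above that field and document it, e.g. `mu sync.Mutex // guards crls`. CRL() is a pure lookup and addCRL is the only writer visible here, so `mu sync.RWMutex` with `RLock`/`RUnlock` on the read path would keep concurrent lookups from serializing on each other. A struct holding a mutex must also not be copied by value; the methods shown use pointer receivers, which fits, and `go vet` will flag any copy elsewhere.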
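Review bot: The lock taken in addCRL covers only this one write to `p.crls`; any other code that reads, deletes from or replaces the map (the directory scan and the constructor are outside these hunks) has to take `p.mu` too, otherwise the race is narrowed rather than removed. The deferred unlock also keeps the mutex held across the `grpclogLogger.Infof` call, so lookups wait on logging. Scoping the lock to the assignment avoids that: `p.mu.Lock()`, `p.crls[key] = certList`, `p.mu.Unlock()`, then log. addCRL starts and ends outside this hunk.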
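Review bot: The `*CRL` returned by FileWatcherCRLProvider.CRL is handed to the caller after the deferred unlock has run, so the mutex protects the map lookup but not the object the caller goes on to read. In the addCRL hunk above the entry is replaced as a whole rather than modified in place, which keeps this safe as long as nothing mutates a stored CRL later. I would record that assumption in the doc comment, e.g. `// The returned CRL is shared with the provider and must not be modified.`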