Skip to content

os400sys: protect shared global buffers when TLS key creation failed #18967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
MegaManSec wants to merge 1 commit into from
Closed

os400sys: protect shared global buffers when TLS key creation failed #18967

MegaManSec wants to merge 1 commit into from

Conversation

@MegaManSec
Copy link
Contributor

@MegaManSec MegaManSec commented Oct 9, 2025

buffer_undef may set Curl_thread_buffer = buffer_unthreaded. This avoids concurrent realloc()/write races across threads.

@MegaManSec
os400sys: protect shared global buffers when TLS key creation failed
5dd8037 
buffer_undef may set Curl_thread_buffer = buffer_unthreaded.
This avoids concurrent realloc()/write races across threads.
@github-actions github-actions bot added the build label Oct 9, 2025
@bagder
Copy link
Member

bagder commented Oct 9, 2025

/cc @monnerat

@monnerat
Copy link
Contributor

monnerat commented Oct 9, 2025

I dont think it is TLS-related (which TLS nowadays ???). Probably the title should say thread key instead of TLS.

That said, the current behavior is intentional: OS400 interactive jobs do not support threads, so we consider that, if the key creation fails, other thread-related calls will too, and so the mutex lock/unlock calls do.

In all cases, using an unthreaded buffer is not compatible with running threads and, should it occur, will likely fail even with this commit... but this situation would be paradoxal.

In the case of batch jobs, threads are available and thus the key creation succeeds (why would it fail?) and buffer_unthreaded is never called.

I would rather comment the thing in the code...

@bagder
Copy link
Member

bagder commented Oct 9, 2025

I would rather comment the thing in the code...

Do you maybe feel the urge to make a proposal? 😀

monnerat added a commit to monnerat/curl that referenced this pull request Oct 10, 2025
@monnerat
os400: document threads handling in code.
7f4b964 
This is to clarify handling of threads unavaibility check and handling
for security bug busters unaware of OS400 specificities.

Closes curl#18967
@monnerat monnerat mentioned this pull request Oct 10, 2025
Closed
monnerat added a commit to monnerat/curl that referenced this pull request Oct 10, 2025
@monnerat
os400: document threads handling in code.
8d86a18 
This is to clarify threads unavaibility check and handling for security
bug busters unaware of OS400 specificities.

Closes curl#18967
@bagder bagder closed this in 67c75b6 Oct 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MegaManSec @bagder @monnerat