Bug: OpenSSL does not safely share some user data among threads
The vflags
structure is being shared among threads in a completely unsafe manner.
This is because it is being set as "user data" globally such that all threads share the same pointer (_ctx
is a global variable).
store = SSL_CTX_get_cert_store(_ctx);
if (!store) {
}
if (!X509_STORE_set_ex_data(store, store_userdata_idx, (void *) vflags)) {
retval = WGET_E_UNKNOWN;
goto bail;
}