Avoid mutating SslClientAuthenticationOptions in SslState

stephentoub · stephentoub · commit d35bab8ad6e8 · 2018-03-16T10:58:11.000-04:00
We shouldn't be mutating the options bag supplied by the caller.  This a) will leak back to the caller, and b) will result in problematic race conditions if the options bag is used with multiple SslStreams, such as if a cached instance is used.
diff --git a/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs b/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
@@ -11,12 +11,12 @@ namespace System.Net.Security
 {
     internal class SslAuthenticationOptions
     {
-        internal SslAuthenticationOptions(SslClientAuthenticationOptions sslClientAuthenticationOptions)
+        internal SslAuthenticationOptions(SslClientAuthenticationOptions sslClientAuthenticationOptions, RemoteCertValidationCallback remoteCallback, LocalCertSelectionCallback localCallback)
         {
             // Common options.
             AllowRenegotiation = sslClientAuthenticationOptions.AllowRenegotiation;
             ApplicationProtocols = sslClientAuthenticationOptions.ApplicationProtocols;
-            CertValidationDelegate = sslClientAuthenticationOptions._certValidationDelegate;
+            CertValidationDelegate = remoteCallback;
             CheckCertName = true;
             EnabledSslProtocols = sslClientAuthenticationOptions.EnabledSslProtocols;
             EncryptionPolicy = sslClientAuthenticationOptions.EncryptionPolicy;
@@ -26,7 +26,7 @@ internal SslAuthenticationOptions(SslClientAuthenticationOptions sslClientAuthen
             TargetHost = sslClientAuthenticationOptions.TargetHost;
 
             // Client specific options.
-            CertSelectionDelegate = sslClientAuthenticationOptions._certSelectionDelegate;
+            CertSelectionDelegate = localCallback;
             CertificateRevocationCheckMode = sslClientAuthenticationOptions.CertificateRevocationCheckMode;
             ClientCertificates = sslClientAuthenticationOptions.ClientCertificates;
             LocalCertificateSelectionCallback = sslClientAuthenticationOptions.LocalCertificateSelectionCallback;
diff --git a/src/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs b/src/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs
@@ -16,9 +16,6 @@ public class SslClientAuthenticationOptions
         private SslProtocols _enabledSslProtocols = SecurityProtocol.SystemDefaultSecurityProtocols;
         private bool _allowRenegotiation = true;
 
-        internal RemoteCertValidationCallback _certValidationDelegate;
-        internal LocalCertSelectionCallback _certSelectionDelegate;
-
         public bool AllowRenegotiation
         {
             get => _allowRenegotiation;
diff --git a/src/System.Net.Security/src/System/Net/Security/SslState.cs b/src/System.Net.Security/src/System/Net/Security/SslState.cs
@@ -97,7 +97,7 @@ private void ThrowIfExceptional()
             }
         }
 
-        internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions)
+        internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions, RemoteCertValidationCallback remoteCallback, LocalCertSelectionCallback localCallback)
         {
             ThrowIfExceptional();
 
@@ -116,15 +116,14 @@ internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuth
                 throw new ArgumentNullException(nameof(sslClientAuthenticationOptions.TargetHost));
             }
 
-            if (sslClientAuthenticationOptions.TargetHost.Length == 0)
-            {
-                sslClientAuthenticationOptions.TargetHost = "?" + Interlocked.Increment(ref s_uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
-            }
-
             _exception = null;
             try
             {
-                _sslAuthenticationOptions = new SslAuthenticationOptions(sslClientAuthenticationOptions);
+                _sslAuthenticationOptions = new SslAuthenticationOptions(sslClientAuthenticationOptions, remoteCallback, localCallback);
+                if (_sslAuthenticationOptions.TargetHost.Length == 0)
+                {
+                    _sslAuthenticationOptions.TargetHost = "?" + Interlocked.Increment(ref s_uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);
+                }
                 _context = new SecureChannel(_sslAuthenticationOptions);
             }
             catch (Win32Exception e)
diff --git a/src/System.Net.Security/src/System/Net/Security/SslStream.cs b/src/System.Net.Security/src/System/Net/Security/SslStream.cs
@@ -178,11 +178,7 @@ internal virtual IAsyncResult BeginAuthenticateAsClient(SslClientAuthenticationO
             SetAndVerifyValidationCallback(sslClientAuthenticationOptions.RemoteCertificateValidationCallback);
             SetAndVerifySelectionCallback(sslClientAuthenticationOptions.LocalCertificateSelectionCallback);
 
-            // Set the delegates on the options.
-            sslClientAuthenticationOptions._certValidationDelegate = _certValidationDelegate;
-            sslClientAuthenticationOptions._certSelectionDelegate = _certSelectionDelegate;
-
-            _sslState.ValidateCreateContext(sslClientAuthenticationOptions);
+            _sslState.ValidateCreateContext(sslClientAuthenticationOptions, _certValidationDelegate, _certSelectionDelegate);
 
             LazyAsyncResult result = new LazyAsyncResult(_sslState, asyncState, asyncCallback);
             _sslState.ProcessAuthentication(result);
@@ -302,11 +298,7 @@ private void AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthen
             SetAndVerifyValidationCallback(sslClientAuthenticationOptions.RemoteCertificateValidationCallback);
             SetAndVerifySelectionCallback(sslClientAuthenticationOptions.LocalCertificateSelectionCallback);
 
-            // Set the delegates on the options.
-            sslClientAuthenticationOptions._certValidationDelegate = _certValidationDelegate;
-            sslClientAuthenticationOptions._certSelectionDelegate = _certSelectionDelegate;
-
-            _sslState.ValidateCreateContext(sslClientAuthenticationOptions);
+            _sslState.ValidateCreateContext(sslClientAuthenticationOptions, _certValidationDelegate, _certSelectionDelegate);
             _sslState.ProcessAuthentication(null);
         }
 
diff --git a/src/System.Net.Security/tests/UnitTests/Fakes/FakeSslState.cs b/src/System.Net.Security/tests/UnitTests/Fakes/FakeSslState.cs
@@ -21,7 +21,7 @@ internal SslState(Stream innerStream)
         {
         }
 
-        internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions)
+        internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions, RemoteCertValidationCallback remoteCallback, LocalCertSelectionCallback localCallback)
         {
         }
 

Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,6 @@ public class SslClientAuthenticationOptions`
`16`	`16`	`private SslProtocols _enabledSslProtocols = SecurityProtocol.SystemDefaultSecurityProtocols;`
`17`	`17`	`private bool _allowRenegotiation = true;`
`18`	`18`
`19`		`- internal RemoteCertValidationCallback _certValidationDelegate;`
`20`		`- internal LocalCertSelectionCallback _certSelectionDelegate;`
`21`		`-`
`22`	`19`	`public bool AllowRenegotiation`
`23`	`20`	`{`
`24`	`21`	`get => _allowRenegotiation;`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ private void ThrowIfExceptional()`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`
`100`		`- internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions)`
	`100`	`+ internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions, RemoteCertValidationCallback remoteCallback, LocalCertSelectionCallback localCallback)`
`101`	`101`	`{`
`102`	`102`	`ThrowIfExceptional();`
`103`	`103`
`@@ -116,15 +116,14 @@ internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuth`
`116`	`116`	`throw new ArgumentNullException(nameof(sslClientAuthenticationOptions.TargetHost));`
`117`	`117`	`}`
`118`	`118`
`119`		`- if (sslClientAuthenticationOptions.TargetHost.Length == 0)`
`120`		`- {`
`121`		`- sslClientAuthenticationOptions.TargetHost = "?" + Interlocked.Increment(ref s_uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);`
`122`		`- }`
`123`		`-`
`124`	`119`	`_exception = null;`
`125`	`120`	`try`
`126`	`121`	`{`
`127`		`- _sslAuthenticationOptions = new SslAuthenticationOptions(sslClientAuthenticationOptions);`
	`122`	`+ _sslAuthenticationOptions = new SslAuthenticationOptions(sslClientAuthenticationOptions, remoteCallback, localCallback);`
	`123`	`+ if (_sslAuthenticationOptions.TargetHost.Length == 0)`
	`124`	`+ {`
	`125`	`+ _sslAuthenticationOptions.TargetHost = "?" + Interlocked.Increment(ref s_uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo);`
	`126`	`+ }`
`128`	`127`	`_context = new SecureChannel(_sslAuthenticationOptions);`
`129`	`128`	`}`
`130`	`129`	`catch (Win32Exception e)`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ internal SslState(Stream innerStream)`
`21`	`21`	`{`
`22`	`22`	`}`
`23`	`23`
`24`		`- internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions)`
	`24`	`+ internal void ValidateCreateContext(SslClientAuthenticationOptions sslClientAuthenticationOptions, RemoteCertValidationCallback remoteCallback, LocalCertSelectionCallback localCallback)`
`25`	`25`	`{`
`26`	`26`	`}`
`27`	`27`