[XrdSecgsi] Fix SIOF problem with stackCRL, fixes #1564

xrootd · Dec 3, 2021 · ffc4c6b · ffc4c6b
1 parent a384ecb
commit ffc4c6b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/XrdSecgsi/XrdSecProtocolgsi.cc b/src/XrdSecgsi/XrdSecProtocolgsi.cc
@@ -196,7 +196,7 @@ XrdOucGMap *XrdSecProtocolgsi::servGMap = 0; // Grid map service
 //
 // CA and CRL stacks
 GSIStack<XrdCryptoX509Chain>  XrdSecProtocolgsi::stackCA; // Stack of CA in use
-GSIStack<XrdCryptoX509Crl>  XrdSecProtocolgsi::stackCRL; // Stack of CRL in use
+std::unique_ptr<GSIStack<XrdCryptoX509Crl>>  XrdSecProtocolgsi::stackCRL( new GSIStack<XrdCryptoX509Crl>() ); // Stack of CRL in use
 //
 // GMAP control vars
 time_t XrdSecProtocolgsi::lastGMAPCheck = -1; // Time of last check
@@ -4648,7 +4648,7 @@ int XrdSecProtocolgsi::GetCA(const char *cahash,
    if (cent->status == kCE_inactive) {
       // Cleanup and remove existing invalid entries
       if (chain) stackCA.Del(chain);
-      if (crl) stackCRL.Del(crl);
+      if (crl) stackCRL->Del(crl);
       PRINT("unable to get a valid entry from cache for " << tag);
       return -1;
    }
@@ -4662,14 +4662,14 @@ int XrdSecProtocolgsi::GetCA(const char *cahash,
       if (crl) {
          if (hs) hs->Crl = crl;
          // Add to the stack for proper cleaning of invalidated CRLs
-         stackCRL.Add(crl);
+         stackCRL->Add(crl);
       }
       return 0;
    }
 
    // Cleanup and remove existing invalid entries
    if (chain) stackCA.Del(chain);
-   if (crl) stackCRL.Del(crl);
+   if (crl) stackCRL->Del(crl);
 
    chain = 0;
    crl = 0;
@@ -4727,7 +4727,7 @@ int XrdSecProtocolgsi::GetCA(const char *cahash,
             if (crl) {
                cent->buf2.buf = (char *)(crl);
                cent->buf2.len = 0;      // Just a flag
-               stackCRL.Add(crl);
+               stackCRL->Add(crl);
             }
             cent->mtime = timestamp;
             cent->status = kCE_ok;

diff --git a/src/XrdSecgsi/XrdSecProtocolgsi.hh b/src/XrdSecgsi/XrdSecProtocolgsi.hh
@@ -26,6 +26,7 @@
 /*                                                                            */
 /******************************************************************************/
 #include <ctime>
+#include <memory>
 
 #include "XrdNet/XrdNetAddrInfo.hh"
 
@@ -378,7 +379,7 @@ private:
    //
    // CA and CRL stacks
    static GSIStack<XrdCryptoX509Chain>    stackCA; // Stack of CA in use
-   static GSIStack<XrdCryptoX509Crl>      stackCRL; // Stack of CRL in use
+   static std::unique_ptr<GSIStack<XrdCryptoX509Crl>> stackCRL; // Stack of CRL in use
    //
    // GMAP control vars
    static time_t           lastGMAPCheck; // time of last check on GMAP
@@ -528,10 +529,13 @@ public:
                      if (Chain) Chain->Cleanup(1);
                      SafeDelete(Chain);
                   }
-                  if (Crl) {
+                  // Make sure XrdSecProtocolgsi::stackCRL exists, it could happen
+                  // that it has been deallocated due to static deinitialization
+                  // order fiasco
+                  if (Crl && bool( XrdSecProtocolgsi::stackCRL ) ) {
                      // This decreases the counter and actually deletes the object only
                      // when no instance is using it
-                     XrdSecProtocolgsi::stackCRL.Del(Crl);
+                     XrdSecProtocolgsi::stackCRL->Del(Crl);
                      Crl = 0;
                   }
                   // The proxy chain is owned by the proxy cache; invalid proxies are