Skip to content

[release/10.0] Use a SafeHandle when duplicating a certificate context. #119372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
artl93 merged 1 commit into from
Sep 5, 2025
Merged

[release/10.0] Use a SafeHandle when duplicating a certificate context. #119372

artl93 merged 1 commit into from
Sep 5, 2025

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 4, 2025
edited by vcsjones
Loading

Backport of #119362 to release/10.0

/cc @vcsjones

Customer Impact

  • Customer reported
  • Found internally

Customers occasionally use an X509Certificate2 in a way that results in concurrent use and Dispose. A change was recently made that cause this to have an access violation or corruption and take down the process.

Regression

  • Yes
  • No

Introduced by PR #117907.

Testing

We have a smoke test for this, RaceDisposeAndKeyAccess that attempts to use and dispose a certificate concurrently. Since the race window is fairly narrow, the test does not hit the conditions required to create a crash reliably. However this test did start failing in CI which identified the issue.

The fix was verified by running the same test with significantly more attempts and not crashing in 60 minutes, whereas a crash would previously happen in less than 5.

Risk

Low. The change is straightforward and uses a SafeHandle to ensure the native interop does not use a freed handle. There is significant test coverage in this area to test that existing scenarios continue to work as expected.

@vcsjones
Use a SafeHandle when duplicating a certificate context.
d57a3c7 
CertDuplicateCertificateContext does not ensure the CERT_CONTEXT pointer it is incrementing has not been freed.
If the duplicate and dispose race, duplicating a disposed handle will lead to unspecified behavior.

For .NET 10, we can use the SafeHandle around the certificate before we duplicate the handle. For OOB, we don't have
access to the internals, so we will continue to use the IntPtr Handle property.
@vcsjones vcsjones requested a review from bartonjs September 4, 2025 22:13
@vcsjones vcsjones added this to the 10.0.0 milestone Sep 4, 2025
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Sep 4, 2025

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@bartonjs bartonjs requested a review from artl93 September 4, 2025 22:18
This was referenced Sep 5, 2025
Open
Open
Open
@artl93 artl93 added the Servicing-approved Approved for servicing release label Sep 5, 2025
@artl93 artl93 merged commit 6883bb2 into release/10.0 Sep 5, 2025
92 of 95 checks passed
@bartonjs bartonjs deleted the backport/pr-119362-to-release/10.0 branch September 5, 2025 17:38
@vcsjones vcsjones mentioned this pull request Sep 5, 2025
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Oct 6, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@artl93 artl93 artl93 approved these changes

@bartonjs bartonjs bartonjs approved these changes

Assignees

No one assigned

Labels

area-System.Security Servicing-approved Approved for servicing release

Projects

None yet

Milestone

10.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@artl93 @bartonjs @vcsjones