fix: remove static buffer in get_message_digest() for thread safety #136
Merged
timlegge merged 1 commit into Mar 22, 2026
get_message_digest() used a static unsigned char buffer shared across all calls, making it unsafe under Perl ithreads — concurrent sign()/verify() calls would corrupt each other's digest. Replace with caller-provided stack buffer (EVP_MAX_MD_SIZE = 64 bytes).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
timlegge approved these changes on Mar 22, 2026
Summary
static buffer from get_message_digest()
unsigned char[EVP_MAX_MD_SIZE])
What
get_message_digest() used a static unsigned char m[EVP_MAX_MD_SIZE] — a single shared buffer across all calls.
Why
Under Perl ithreads, concurrent sign() or verify() calls from different threads would write their digests to the same memory, corrupting results silently. This is a data race with no error message — the worst kind of bug.
How
Changed get_message_digest() to accept a caller-provided buffer instead of using a static one. Both callers (sign() and verify()) now declare unsigned char digest_buf[EVP_MAX_MD_SIZE] on their stack frame (64 bytes — trivial).
Testing
Full test suite passes (499 tests, 16 files). Thread-specific tests would require use threads infrastructure not currently in the test suite.
🤖 Generated with Claude Code
Quality Report
Changes: 1 file changed, 5 insertions(+), 6 deletions(-)
Code scan: clean
Tests: passed (OK)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline
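The aliasing behind the race described above, reproduced deterministically in a single thread as an added example (not code from this pull request or the project). The names toy_hash, digest_static, digest_into and the two check functions are hypothetical, and a non-cryptographic FNV-1a stand-in replaces the real OpenSSL digest call so the block builds without libcrypto.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_MAX 64 /* the size the PR gives for EVP_MAX_MD_SIZE */
#define DIGEST_LEN 8  /* length of the stand-in digest below */

/* Stand-in for the real hash call: FNV-1a, NOT cryptographic (assumption). */
static void toy_hash(const char *msg, unsigned char *out) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *msg; msg++) { h ^= (unsigned char)*msg; h *= 0x100000001b3ULL; }
    for (int i = 0; i < DIGEST_LEN; i++) out[i] = (unsigned char)(h >> (8 * i));
}

/* Before: every caller receives a pointer to the same static storage. */
static unsigned char *digest_static(const char *msg) {
    static unsigned char m[DIGEST_MAX];
    toy_hash(msg, m);
    return m;
}

/* After: the caller owns the storage, so two calls cannot alias. */
static unsigned char *digest_into(const char *msg, unsigned char *buf) {
    toy_hash(msg, buf);
    return buf;
}

/* Interleaving: A hashes, B hashes, A then reads. Returns 1 if A is intact. */
int a_survives_static(void) {
    unsigned char expect[DIGEST_MAX];
    toy_hash("message A", expect);
    unsigned char *a = digest_static("message A");
    digest_static("message B"); /* plays the role of the second thread */
    return memcmp(a, expect, DIGEST_LEN) == 0;
}

/* Same interleaving with one stack buffer per caller. */
int a_survives_caller_buf(void) {
    unsigned char expect[DIGEST_MAX], buf_a[DIGEST_MAX], buf_b[DIGEST_MAX];
    toy_hash("message A", expect);
    unsigned char *a = digest_into("message A", buf_a);
    digest_into("message B", buf_b);
    return memcmp(a, expect, DIGEST_LEN) == 0;
}

int main(void) {
    printf("static: A intact=%d, caller buffer: A intact=%d\n",
           a_survives_static(), a_survives_caller_buf());
    return 0;
}
```

With real threads the same overwrite happens only on unlucky scheduling, which is why a sign() or verify() result can be wrong intermittently without any error being raised.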