From 8fc7d769ab3a680e2ae3a93691cbc1ecccf831ee Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 23 May 2015 23:50:08 +0200 Subject: [PATCH] Fix race in httpsRequestModifier.ModifyRequest when writing tlsConfig Signed-off-by: Antonio Murdaca --- docs/registry.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/registry.go b/docs/registry.go index 4436f135b..47bd2553f 100644 --- a/docs/registry.go +++ b/docs/registry.go @@ -14,6 +14,7 @@ import ( "path/filepath" "runtime" "strings" + "sync" "time" "github.com/Sirupsen/logrus" @@ -56,7 +57,10 @@ func init() { dockerUserAgent = useragent.AppendVersions("", httpVersion...) } -type httpsRequestModifier struct{ tlsConfig *tls.Config } +type httpsRequestModifier struct { + mu sync.Mutex + tlsConfig *tls.Config +} // DRAGONS(tiborvass): If someone wonders why do we set tlsconfig in a roundtrip, // it's because it's so as to match the current behavior in master: we generate the @@ -125,8 +129,10 @@ func (m *httpsRequestModifier) ModifyRequest(req *http.Request) error { } } } + m.mu.Lock() m.tlsConfig.RootCAs = roots m.tlsConfig.Certificates = certs + m.mu.Unlock() } return nil } @@ -175,7 +181,7 @@ func NewTransport(timeout TimeoutType, secure bool) http.RoundTripper { if secure { // note: httpsTransport also handles http transport // but for HTTPS, it sets up the certs - return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig}) + return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig: tlsConfig}) } return tr