cmd/derper: fix data race & server panic in manual cert mode

(Thanks for debugging, Roland!) Fixes #4082 Change-Id: I400a64001c3c58899bb570b759b08e745abc0be1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-01-05 14:57:49 +00:00 · 2022-08-10 15:01:36 -07:00 · 2022-08-10 15:01:36 -07:00 · 090033ede5
commit 090033ede5
parent 9996d94b3c
1 changed files with 12 additions and 1 deletions
--- a/cmd/derper/cert.go
+++ b/cmd/derper/cert.go
@ -20,6 +20,11 @@

 type certProvider interface {
 	// TLSConfig creates a new TLS config suitable for net/http.Server servers.
+	//
+	// The returned Config must have a GetCertificate function set and that
+	// function must return a unique *tls.Certificate for each call. The
+	// returned *tls.Certificate will be mutated by the caller to append to the
+	// (*tls.Certificate).Certificate field.
 	TLSConfig() *tls.Config
 	// HTTPHandler handle ACME related request, if any.
 	HTTPHandler(fallback http.Handler) http.Handler
@ -87,7 +92,13 @@ func (m *manualCertManager) getCertificate(hi *tls.ClientHelloInfo) (*tls.Certif
 	if hi.ServerName != m.hostname {
 		return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
 	}
-	return m.cert, nil
+
+	// Return a shallow copy of the cert so the caller can append to its
+	// Certificate field.
+	certCopy := new(tls.Certificate)
+	*certCopy = *m.cert
+	certCopy.Certificate = certCopy.Certificate[:len(certCopy.Certificate):len(certCopy.Certificate)]
+	return certCopy, nil
 }

 func (m *manualCertManager) HTTPHandler(fallback http.Handler) http.Handler {