You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -33,15 +33,26 @@ added, or a variable's contents being enlarged.
33
33
This is shown to occur on Linux, but it will also likely occur on any other platform where `getenv`
34
34
and `setenv` are not thread-safe, though trigger conditions may vary widely.
35
35
36
+
## Rust's `set_env`
37
+
38
+
This crate, and all callers of the Rust `set_env` function (<https://doc.rust-lang.org/std/env/fn.set_var.html>)
39
+
are unsound due to some early decisions in the Rust ecosystem that provided these functions without
40
+
an `unsafe` marker. The real problem, however, lies in the POSIX standard which defines this method
41
+
without making any sort of thread-safety guarantees.
42
+
43
+
In Rust's 2024 edition these environment setters are made `unsafe` and the documentation was updated to note
44
+
that the only safe way to use these functions is in a single-threaded context.
45
+
36
46
## Affected Code
37
47
38
-
The affected function is`try_init_ssl_cert_env_vars` in
39
-
<https://github.com/alexcrichton/openssl-probe/blob/db67c9e5b333b1b4164467b17f5d99207fad004c/src/lib.rs#L65>, and
48
+
The affected functions are `init_ssl_cert_env_vars` and`try_init_ssl_cert_env_vars` in
49
+
<https://github.com/alexcrichton/openssl-probe/blob/db67c9e5b333b1b4164467b17f5d99207fad004c/src/lib.rs#L52> and <https://github.com/alexcrichton/openssl-probe/blob/db67c9e5b333b1b4164467b17f5d99207fad004c/src/lib.rs#L65>, respectively, and
40
50
any other library's function which may call this function directly or indirectly
41
-
<https://github.com/search?q=try_init_ssl_cert_env_vars&type=code>. `native_tls <= 0.2.12` may
51
+
<[https://github.com/search?q=try_init_ssl_cert_env_vars&type=code](https://github.com/search?q=try_init_ssl_cert_env_vars+OR+init_ssl_cert_env_vars&type=code)>. `native_tls <= 0.2.12` may
42
52
do so in certain configurations <https://github.com/sfackler/rust-native-tls/blob/2424bc5efd1b8b4bcf60dbda93259a3f29db7f06/Cargo.toml>.
43
53
44
-
The crate's author released a fix in versions `>=0.1.6` which marks these functions as `unsafe` and `#[deprecated]`.
54
+
The crate's author released a fix in versions `>=0.1.6` which marks these functions as `#[deprecated]` and adds
55
+
new `unsafe` equivalents <https://github.com/alexcrichton/openssl-probe/commit/3ea7c1af24d7f03c5786872f06ff066e03b75138>.
0 commit comments