From dd8913608d5809a8af172a63bc429311a3d971e3 Mon Sep 17 00:00:00 2001
From: Trevor Gross
Date: Wed, 20 Dec 2023 17:33:20 -0500
Subject: [PATCH] Update the wording of RUSTSEC-2023-0072 (#1831)

Make the interior mutability issue more clear
---
 crates/openssl/RUSTSEC-2023-0072.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/openssl/RUSTSEC-2023-0072.md b/crates/openssl/RUSTSEC-2023-0072.md
index dfed65d..e8e5836 100644
--- a/crates/openssl/RUSTSEC-2023-0072.md
+++ b/crates/openssl/RUSTSEC-2023-0072.md
@@ -16,6 +16,6 @@ patched = [">= 0.10.60"]
 # `openssl` `X509StoreRef::objects` is unsound
-This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind ones back.
+This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound.
 Use of this function should be replaced with `X509StoreRef::all_certificates`.