[release/10.0] Fix thread safety in SafeEvpPKeyHandle.DuplicateHandle #124613

Open
github-actions[bot] wants to merge 8 commits into release/10.0 from backport/pr-124485-to-release/10.0

github-actions bot commented Feb 19, 2026

Backport of #124485 to release/10.0

Customer Impact

  • Customer reported
  • Found internally

Parallel calls to Dispose and DuplicateHandle on SafeEvpPKeyHandle can result in a state where the native handle gets up-ref'd, but the SafeHandle returned from DuplicateHandle is tracking the zero-valued handle, so the underlying free never gets called (and interacting with the returned SafeHandle doesn't do what you want, either).

Regression

  • Yes
  • No

Testing

A dedicated test is added with this change.

Risk

Low. DangerousAddRef/DangerousRelease is a standard treatment for SafeHandle atomicity.

Copilot AI and others added 8 commits February 19, 2026 19:07
Use DangerousAddRef/DangerousRelease to prevent the source handle from
being disposed by another thread while DuplicateHandle reads the handle
value. Capture handle and ExtraHandle values into local variables while
the ref count is elevated, so a concurrent Dispose cannot zero them out
before they are copied to the new SafeEvpPKeyHandle.

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
…ut catch

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
…t formatting

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
@dotnet-policy-service

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

@bartonjs bartonjs added the Servicing-consider Issue for next servicing release review label Feb 19, 2026
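
The DangerousAddRef/DangerousRelease treatment described in the commit message above, as an added C# example that is not the code from this pull request. `DemoKeyHandle` and `FakeNative` are hypothetical stand-ins (a managed counter replaces the native reference count), and `Main` races Dispose against DuplicateHandle to check that the duplicate never tracks a zero handle and no reference leaks.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical stand-in for a ref-counted native key object.
static class FakeNative
{
    public static int RefCount;
    public static void UpRef(IntPtr h) => Interlocked.Increment(ref RefCount);
    public static void Free(IntPtr h) => Interlocked.Decrement(ref RefCount);
}
sealed class DemoKeyHandle : SafeHandle
{
    public DemoKeyHandle(IntPtr h) : base(IntPtr.Zero, true) => SetHandle(h);
    public override bool IsInvalid => handle == IntPtr.Zero;
    // Releasing frees the native reference and zeroes the stored handle value.
    protected override bool ReleaseHandle()
    { FakeNative.Free(handle); SetHandle(IntPtr.Zero); return true; }
    public DemoKeyHandle DuplicateHandle()
    {
        bool addedRef = false;
        try
        {
            // Holds off ReleaseHandle from a concurrent Dispose; throws if already closed.
            DangerousAddRef(ref addedRef);
            IntPtr raw = DangerousGetHandle(); // captured while the ref is held
            FakeNative.UpRef(raw);
            return new DemoKeyHandle(raw);
        }
        finally { if (addedRef) DangerousRelease(); }
    }
}
static class Program
{
    static void Main()
    {
        for (int i = 0; i < 10_000; i++)
        {
            FakeNative.RefCount = 1;
            var source = new DemoKeyHandle(new IntPtr(0x1000)); // constructed value
            DemoKeyHandle copy = null;
            Parallel.Invoke(() => source.Dispose(),
                () => { try { copy = source.DuplicateHandle(); } catch (ObjectDisposedException) { } });
            if (copy != null && copy.IsInvalid) throw new Exception("duplicate tracks a zero handle");
            copy?.Dispose();
            if (FakeNative.RefCount != 0) throw new Exception("native reference leaked");
        }
        Console.WriteLine("no leak in 10000 races");
    }
}
```

Each iteration ends in one of two states: DuplicateHandle threw ObjectDisposedException because Dispose won, or it returned a valid handle whose own Dispose brings the counter back to zero.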
Labels

area-System.Security Servicing-consider Issue for next servicing release review
