Fix downstream race conditions with NewAccountFunc

mholt · mholt · commit 51b31907aaa0 · 2023-07-19T16:12:43.000-06:00
These functions typically modify the ACMEIssuer.
Only one such consumer of this API is known (Caddy).
diff --git a/acmeclient.go b/acmeclient.go
@@ -68,7 +68,10 @@ func (iss *ACMEIssuer) newACMEClientWithAccount(ctx context.Context, useTestCA,
 	// register account if it is new
 	if account.Status == "" {
 		if iss.NewAccountFunc != nil {
+			// obtain lock here, since NewAccountFunc calls happen concurrently and they typically read and change the issuer
+			iss.mu.Lock()
 			account, err = iss.NewAccountFunc(ctx, iss, account)
+			iss.mu.Unlock()
 			if err != nil {
 				return nil, fmt.Errorf("account pre-registration callback: %v", err)
 			}
diff --git a/acmeissuer.go b/acmeissuer.go
@@ -132,7 +132,7 @@ type ACMEIssuer struct {
 	// synchronize properly.
 	email  string
 	agreed bool
-	mu     *sync.Mutex // protects the above grouped fields
+	mu     *sync.Mutex // protects the above grouped fields, as well as entire struct during NewAccountFunc calls
 }
 
 // NewACMEIssuer constructs a valid ACMEIssuer based on a template

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ type ACMEIssuer struct {`
`132`	`132`	`// synchronize properly.`
`133`	`133`	`email string`
`134`	`134`	`agreed bool`
`135`		`- mu *sync.Mutex // protects the above grouped fields`
	`135`	`+ mu *sync.Mutex // protects the above grouped fields, as well as entire struct during NewAccountFunc calls`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`// NewACMEIssuer constructs a valid ACMEIssuer based on a template`