From 82f22986583a1631c96661a598579b5d81d5859d Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Thu, 5 Jan 2017 15:09:17 +0700
Subject: [PATCH] fix race condition in client crypto setup

---
 handshake/crypto_setup_client.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/handshake/crypto_setup_client.go b/handshake/crypto_setup_client.go
index b4cd1999..80cf59c3 100644
--- a/handshake/crypto_setup_client.go
+++ b/handshake/crypto_setup_client.go
@@ -7,6 +7,7 @@ import (
 "errors"
 "fmt"
 "io"
+ "sync"
 "time"
 
 "github.com/lucas-clemente/quic-go/crypto"
@@ -16,6 +17,8 @@ import (
 )
 
 type cryptoSetupClient struct {
+ mutex sync.RWMutex
+
 hostname string
 connID protocol.ConnectionID
 version protocol.VersionNumber
@@ -186,6 +189,9 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
 }
 
 func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error {
+ h.mutex.Lock()
+ defer h.mutex.Unlock()
+
 if !h.receivedSecurePacket {
 return qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message")
 }
@@ -323,7 +329,10 @@ func (h *cryptoSetupClient) UnlockForSealing() {
 }
 
 func (h *cryptoSetupClient) HandshakeComplete() bool {
- return h.forwardSecureAEAD != nil
+ h.mutex.RLock()
+ complete := h.forwardSecureAEAD != nil
+ h.mutex.RUnlock()
+ return complete
 }
 
 func (h *cryptoSetupClient) sendCHLO() error {
@@ -414,6 +423,9 @@ func (h *cryptoSetupClient) maybeUpgradeCrypto() error {
 return nil
 }
 
+ h.mutex.Lock()
+ defer h.mutex.Unlock()
+
 leafCert := h.certManager.GetLeafCert()
 
 if h.secureAEAD == nil && (h.serverConfig != nil && len(h.serverConfig.sharedSecret) > 0 && len(h.nonc) > 0 && len(leafCert) > 0 && len(h.diversificationNonce) > 0 && len(h.lastSentCHLO) > 0) {
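Review bot: The new `mutex` field in `cryptoSetupClient` has no comment saying which fields it protects, so later changes have no written locking contract to follow. Going by the other hunks of this patch it covers at least `forwardSecureAEAD`, `secureAEAD` and `receivedSecurePacket`; a comment such as `// mutex guards the AEAD and handshake-state fields below; hold it for every read or write of them` would make that explicit. The struct body continues outside the hunk, so the full list of guarded fields should be confirmed against it.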
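Review bot: Taking the write lock in `handleSHLOMessage` only closes the race if every other access to the same fields is locked too, and the diffstat shows this patch touching only `handleSHLOMessage`, `HandshakeComplete` and `maybeUpgradeCrypto`. `receivedSecurePacket` is read here under the lock, but its writer is not in the diff; if it is set on the packet-decryption path without `h.mutex`, the encryption-level check on the next line can still see a stale value. The same holds for any other reader of `forwardSecureAEAD` or `secureAEAD`, which would need `h.mutex.RLock()` / `defer h.mutex.RUnlock()` around the access. Running the handshake tests with `go test -race` would show which accesses remain unsynchronized. The function body continues past the end of the hunk.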
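Review bot: `HandshakeComplete` is exported and now has a concurrency contract, but the hunk shows no doc comment above it. Something like `// HandshakeComplete reports whether the forward-secure AEAD has been set up; it takes the read lock and may be called from another goroutine.` would record why the lock is there. The manual `RLock`/`RUnlock` pair is fine for a single expression, though `defer h.mutex.RUnlock()` would match the style of the other two functions in this patch.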
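Review bot: In `maybeUpgradeCrypto` the lock is acquired after the early `return nil` guard shown as context, so whatever condition that guard tests is still read without `h.mutex`; the condition itself lies outside the hunk. If it reads a field that another goroutine writes, `h.mutex.Lock()` and `defer h.mutex.Unlock()` should move to the top of the function. Separately, `sync.RWMutex` is not reentrant: with the lock held for the rest of the body, any call from here that reaches `HandshakeComplete()` or `handleSHLOMessage()` would deadlock, which is worth checking in the part of the function beyond the hunk.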