From 57bf3d97a722a11c42eab766e5315a8bf4dd14f9 Mon Sep 17 00:00:00 2001
From: "Mark D. Roth" <roth@google.com>
Date: Wed, 14 Aug 2024 20:19:18 +0000
Subject: [PATCH] [secure endpoint] fix race condition from #37358

---
 src/core/handshaker/security/secure_endpoint.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/core/handshaker/security/secure_endpoint.cc b/src/core/handshaker/security/secure_endpoint.cc
index 490110b78b540..cf720f19d2190 100644
--- a/src/core/handshaker/security/secure_endpoint.cc
+++ b/src/core/handshaker/security/secure_endpoint.cc
@@ -252,6 +252,13 @@ static void on_read(void* user_data, grpc_error_handle error) {
 
   {
     grpc_core::MutexLock l(&ep->read_mu);
+
+    // If we were shut down after this callback was scheduled with OK
+    // status but before it was invoked, we need to treat that as an error.
+    if (ep->wrapped_ep == nullptr && error.ok()) {
+      error = absl::CancelledError("secure endpoint shutdown");
+    }
+
     uint8_t* cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer);
     uint8_t* end = GRPC_SLICE_END_PTR(ep->read_staging_buffer);
 
@@ -505,8 +512,10 @@ static void endpoint_write(grpc_endpoint* secure_ep, grpc_slice_buffer* slices,
 
 static void endpoint_destroy(grpc_endpoint* secure_ep) {
   secure_endpoint* ep = reinterpret_cast<secure_endpoint*>(secure_ep);
+  ep->read_mu.Lock();
   ep->wrapped_ep.reset();
   ep->memory_owner.Reset();
+  ep->read_mu.Unlock();
   SECURE_ENDPOINT_UNREF(ep, "destroy");
 }