winhttp: Make accessing session credential handle thread safe.

dlls/winhttp/request.c

@@ -1608,21 +1608,29 @@ static DWORD map_secure_protocols( DWORD mask )
 
 static BOOL ensure_cred_handle( session_t *session )
 {
-    SCHANNEL_CRED cred;
-    SECURITY_STATUS status;
+    SECURITY_STATUS status = SEC_E_OK;
 
     if (session->cred_handle_initialized) return TRUE;
 
+    EnterCriticalSection( &session->cs );
+    if (!session->cred_handle_initialized)
+    {
+        SCHANNEL_CRED cred;
         memset( &cred, 0, sizeof(cred) );
         cred.dwVersion             = SCHANNEL_CRED_VERSION;
         cred.grbitEnabledProtocols = map_secure_protocols( session->secure_protocols );
-    if ((status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL, &cred,
-                                             NULL, NULL, &session->cred_handle, NULL )) != SEC_E_OK)
+        status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL,
+                                            &cred, NULL, NULL, &session->cred_handle, NULL );
+        if (status == SEC_E_OK)
+            session->cred_handle_initialized = TRUE;
+    }
+    LeaveCriticalSection( &session->cs );
+
+    if (status != SEC_E_OK)
     {
         WARN( "AcquireCredentialsHandleW failed: 0x%08x\n", status );
         return FALSE;
     }
-    session->cred_handle_initialized = TRUE;
     return TRUE;
 }
 

dlls/winhttp/session.c

@@ -198,7 +198,9 @@ static BOOL session_set_option( object_header_t *hdr, DWORD option, LPVOID buffe
             set_last_error( ERROR_INSUFFICIENT_BUFFER );
             return FALSE;
         }
+        EnterCriticalSection( &session->cs );
         session->secure_protocols = *(DWORD *)buffer;
+        LeaveCriticalSection( &session->cs );
         TRACE("0x%x\n", session->secure_protocols);
         return TRUE;
     }