From c48cf7e32ffa02ebdf00265543344c611bef0431 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 29 Dec 2016 10:07:43 +0900 Subject: scd: Fix a race condition for new_reader_slot. * scd/apdu.c (reader_table_lock, apdu_init): New. (new_reader_slot): Serialize by reader_table_lock. * scd/app.c (lock_app, unlock_app, app_new_register): Fix error code usage. (initialize_module_command): Call apdu_init. * scd/scdaemon.c (main): Handle error for initialize_module_command. -- This is a long standing bug. There are two different things; The serialization of allocating a new SLOT, and the serialization of using the SLOT. The latter was implemented in new_reader_slot by lock_slot. However, the former was not done. Thus, there was a possible race where a same SLOT is allocated to multiple threads. Signed-off-by: NIIBE Yutaka --- scd/apdu.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scd/apdu.h') diff --git a/scd/apdu.h b/scd/apdu.h index ba856af9e..3021cf7a5 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -84,6 +84,8 @@ enum { #define APDU_CARD_ACTIVE (4) /* Card is active. */ +gpg_error_t apdu_init (void); + /* Note, that apdu_open_reader returns no status word but -1 on error. */ int apdu_open_reader (const char *portstr); int apdu_open_remote_reader (const char *portstr, -- cgit v1.2.3
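Review bot: the new prototype `gpg_error_t apdu_init (void);` in the scd/apdu.h hunk (`@@ -84,6 +84,8 @@`) has no comment, and the header gives a caller no way to learn the ordering requirement that the fix depends on. The commit message says apdu_init is new together with reader_table_lock and that new_reader_slot now serializes on that lock, so the declaration should state that apdu_init must be called once, before any reader slot is allocated, and that a non-zero gpg_error_t means the lock could not be set up and the reader functions must not be used. It is also worth noting in that comment that apdu_init returns a gpg_error_t, while the apdu_open_reader declared just below it returns an int that is -1 on error, so that callers do not check the two the same way. This view is limited to scd/apdu.h, so the call in initialize_module_command and the error handling in main that the commit message mentions cannot be checked from here.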