| field | value | date |
|---|---|---|
| author | Daniel Kahn Gillmor <[email protected]> | 2016-10-29 05:25:05 +0000 |
| committer | NIIBE Yutaka <[email protected]> | 2018-09-07 05:28:11 +0000 |
| commit | 04b56eff118ec34432c368b87e724bce1ac683f9 (patch) | |
| tree | 7233a9522dd168b865592269fe7756e6565f7519 /g10/call-dirmngr.c | |
| parent | g10: Fix memory leak. (diff) | |
| download | gnupg-04b56eff118ec34432c368b87e724bce1ac683f9.tar.gz gnupg-04b56eff118ec34432c368b87e724bce1ac683f9.zip | |
dirmngr: hkp: Avoid potential race condition when some hosts die.
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.
--
Multiple threads may write to hosttable[x]->dead while
select_random_host() is running. For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.
If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.
This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.
As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.
However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block. Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.
GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
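The two-loop hazard described in the commit message, and the single-pass shape it moves to, as an added illustration that is not dirmngr's code and not part of this commit. The host table, host names, the `dead` flags and the `interleave` hook that stands in for the housekeeping thread or second connection flipping `->dead` are all constructed for the example. The hook is called at the point where a blocking call in the loop would let another npth thread run; the two-pass version checks the bound and returns -1 instead of actually writing past the allocation, so the example stays memory-safe while showing exactly where the real code would not be.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for dirmngr's hosttable: one entry per known HKP host
   with the ->dead flag that other threads may flip while a selection runs. */
struct hostinfo { const char *name; int dead; };

#define NHOSTS 4
static struct hostinfo hosttable[NHOSTS];

/* Reset to the constructed starting state: hosts b and c marked dead.
   Returns NHOSTS so it can be used inside an assertion. */
int reset_table(void)
{
  static const struct hostinfo initial[NHOSTS] = {
    { "hkp-a.example", 0 }, { "hkp-b.example", 1 },
    { "hkp-c.example", 1 }, { "hkp-d.example", 0 } };
  for (int i = 0; i < NHOSTS; i++) hosttable[i] = initial[i];
  return NHOSTS;
}

/* Hook standing in for the interleaved writer (housekeeping thread or a
   second dirmngr connection) that resurrects hosts. NULL means no interleave. */
typedef void (*interleave_fn)(void);
void resurrect_all(void) { for (int i = 0; i < NHOSTS; i++) hosttable[i].dead = 0; }

/* Two-pass shape before the fix: count alive hosts, allocate exactly that
   many slots, then collect them. If hosts are resurrected between the two
   passes, the second pass finds more hosts than slots. The real code would
   write past the end of tbl; here the bound is checked and -1 returned.
   Otherwise returns the number of candidates collected. */
int select_two_pass(interleave_fn interleave)
{
  int n = 0;
  for (int i = 0; i < NHOSTS; i++)
    if (!hosttable[i].dead) n++;
  int *tbl = calloc(n ? n : 1, sizeof *tbl);   /* sized from the first pass */
  if (!tbl) return -2;
  if (interleave) interleave();                 /* ->dead flags change here */
  int j = 0, overrun = 0;
  for (int i = 0; i < NHOSTS; i++) {
    if (hosttable[i].dead) continue;
    if (j >= n) { overrun = 1; break; }         /* would be tbl[n] = i: out of bounds */
    tbl[j++] = i;
  }
  free(tbl);
  return overrun ? -1 : j;
}

/* Single-pass shape after the fix: allocate for the whole table up front and
   check each host's ->dead bit exactly once. An interleaved writer can still
   change flags mid-loop (simulated before entry 1), but the count can never
   exceed NHOSTS, so no write can leave the allocation. Returns the number of
   candidates; the randomly chosen index is kept in last_choice (-1 if none). */
static int last_choice = -1;
int select_single_pass(interleave_fn interleave)
{
  int *tbl = calloc(NHOSTS, sizeof *tbl);       /* sized from the table, not a count */
  if (!tbl) return -2;
  int j = 0;
  for (int i = 0; i < NHOSTS; i++) {
    if (interleave && i == 1) interleave();
    if (!hosttable[i].dead) tbl[j++] = i;
  }
  last_choice = j ? tbl[rand() % j] : -1;
  free(tbl);
  return j;
}
int chosen_host(void) { return last_choice; }

int main(void)
{
  reset_table();
  printf("two-pass, no interleave: %d candidates\n", select_two_pass(NULL));
  reset_table();
  printf("two-pass, hosts resurrected between passes: %d (overrun)\n",
         select_two_pass(resurrect_all));
  reset_table();
  int n = select_single_pass(resurrect_all);
  printf("single-pass, resurrected mid-loop: %d candidates, chose %s\n",
         n, hosttable[chosen_host()].name);
  return 0;
}
```

The point of the single-pass version is not that it is immune to concurrent flag changes (a host may still be selected that was marked dead a moment later) but that the allocation size is derived from the table size rather than from a count taken at a different time, so no interleaving can make the write index exceed it.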
Diffstat (limited to 'g10/call-dirmngr.c')
0 files changed, 0 insertions, 0 deletions
