| author | NIIBE Yutaka <[email protected]> | 2025-10-22 02:03:18 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2025-10-22 02:03:18 +0000 |
| commit | 2d9e1295a1f4a6929efeccfb1d8492eee4ff588b (patch) | |
| tree | 8f988527ea48654641344f97369dd872e555eeca /g10/getkey.c | |
| parent | gpgsm: Fix delete and store certificate locking glitches. (diff) | |
gpg,gpgsm: Serialize write access to keybox/keyring to protect.
* g10/keydb.c (internal_keydb_update_keyblock): Caller should lock the
resource by keydb_lock, before use of this routine.
(internal_keydb_insert_keyblock): Likewise.
(internal_keydb_delete_keyblock): Likewise.
* g10/delkey.c (do_delete_key): Serialize the access to the resource.
* g10/import.c (import_revoke_cert): Likewise.
* g10/keyedit.c (quick_find_keyblock): Likewise.
* g10/keygen.c (quick_find_keyblock): Likewise.
* sm/delete.c (delete_one): Lock earlier to protect the resource
correctly.
* sm/keydb.c (do_set_flags): Rename from keydb_set_flags.
(keydb_set_cert_flags): Follow the change.
(keydb_update_cert): Require locked by caller.
* sm/keydb.h (keydb_set_flags): Remove.
--
GnuPG-bug-id: 7855
Signed-off-by: NIIBE Yutaka <[email protected]>
Diffstat (limited to 'g10/getkey.c')
| -rw-r--r-- | g10/getkey.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/g10/getkey.c b/g10/getkey.c index 6af6dc0a5..efb157645 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -799,10 +799,10 @@ leave: should be freed using release_kbnode(). If RET_KDBHD is not NULL, then the new database handle used to - conduct the search is returned in *RET_KDBHD. This can be used to - get subsequent results using keydb_search_next. Note: in this - case, no advanced filtering is done for subsequent results (e.g., - WANT_SECRET and PK->REQ_USAGE are not respected). + conduct the search is returned in *RET_KDBHD, holding the lock. + This can be used to get subsequent results using keydb_search_next. + Note: in this case, no advanced filtering is done for subsequent + results (e.g., WANT_SECRET and PK->REQ_USAGE are not respected). This function returns 0 on success. Otherwise, an error code is returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY @@ -895,6 +895,9 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist, if (!ret_kb) ret_kb = &help_kb; + if (ret_kdbhd) + keydb_lock (ctx->kr_handle); + if (pk) { /* It is a bit tricky to allow returning an ADSK key: lookup |
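Review bot: In the first hunk (the function comment at -799), the new wording "is returned in *RET_KDBHD, holding the lock" does not say who releases that lock or when. Since this changes the contract for every caller that passes a non-NULL RET_KDBHD, the comment should state that the caller now owns the lock and name the call that drops it, and it should say whether the handle is still locked when the function returns an error such as GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY.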
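Review bot: In the second hunk (key_byname at -895), the result of "keydb_lock (ctx->kr_handle);" is discarded, so if taking the lock can fail the caller still receives a handle that the updated comment documents as "holding the lock". Suggest capturing the return value and going to the function's error path on failure, so the serialization this commit relies on is never assumed without actually being held. The lock is also taken before the lookup runs, so it is worth confirming that paths which fail after this point either release it or hand back the handle in the state the comment promises.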
