diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-26 15:49:32 +0200 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-26 15:49:32 +0200 |
| commit | 331a6442021405ecc0704fc11adb42178c917e67 (patch) | |
| tree | e1c1966485c2eb15ae8e901926dfb6f7adfaa105 | |
| parent | fce6ddc99fe4894bbacf2271653d558292183d62 (diff) | |
| download | rsyslog-331a6442021405ecc0704fc11adb42178c917e67.tar.gz rsyslog-331a6442021405ecc0704fc11adb42178c917e67.tar.xz rsyslog-331a6442021405ecc0704fc11adb42178c917e67.zip | |
protected gtls error string function by a mutex.
Without it, we could have a race condition in extreme cases.
This was very remote, but now can no longer happen.
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | runtime/nsd_gtls.c | 8 |
2 files changed, 10 insertions, 1 deletions
@@ -1,6 +1,9 @@ - implemented x509/certvalid gtls auth mode - implemented x509/name gtls auth mode - changed fingerprint gtls auth mode to new format fingerprint +- protected gtls error string function by a mutex. Without it, we + could have a race condition in extreme cases. This was very remote, + but now can no longer happen. - changed config directive name to reflect different use $ActionSendStreamDriverCertFingerprint is now $ActionSendStreamDriverPermittedPeer and can be used both for diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index aaa3159c..4f1a82e3 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -31,6 +31,7 @@ #include <gnutls/x509.h> #include <gcrypt.h> #include <errno.h> +#include <pthread.h> #include "rsyslog.h" #include "syslogd-types.h" @@ -60,6 +61,8 @@ DEFobjCurrIf(nsd_ptcp) static int bGlblSrvrInitDone = 0; /**< 0 - server global init not yet done, 1 - already done */ +static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially non-reentrant gtlStrerror() function */ + /* a macro to check GnuTLS calls against unexpected errors */ #define CHKgnutls(x) \ if((gnuRet = (x)) != 0) { \ @@ -311,8 +314,9 @@ uchar *gtlsStrerror(int error) { uchar *pErr; - // TODO: guard by mutex! + pthread_mutex_lock(&mutGtlsStrerror); pErr = (uchar*) strdup(gnutls_strerror(error)); + pthread_mutex_unlock(&mutGtlsStrerror); return pErr; } @@ -1389,6 +1393,7 @@ BEGINmodExit CODESTARTmodExit nsdsel_gtlsClassExit(); nsd_gtlsClassExit(); + pthread_mutex_destroy(&mutGtlsStrerror); ENDmodExit @@ -1406,6 +1411,7 @@ CODESTARTmodInit CHKiRet(nsd_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ CHKiRet(nsdsel_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ + pthread_mutex_init(&mutGtlsStrerror, NULL); ENDmodInit /* vi:set ai: */ |