summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRainer Gerhards <rgerhards@adiscon.com>2008-05-26 15:49:32 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-05-26 15:49:32 +0200
commit331a6442021405ecc0704fc11adb42178c917e67 (patch)
treee1c1966485c2eb15ae8e901926dfb6f7adfaa105
parentfce6ddc99fe4894bbacf2271653d558292183d62 (diff)
downloadrsyslog-331a6442021405ecc0704fc11adb42178c917e67.tar.gz
rsyslog-331a6442021405ecc0704fc11adb42178c917e67.tar.xz
rsyslog-331a6442021405ecc0704fc11adb42178c917e67.zip
protected gtls error string function by a mutex.
Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
-rw-r--r--ChangeLog3
-rw-r--r--runtime/nsd_gtls.c8
2 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 4a65e0c5..6691ac70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
- implemented x509/certvalid gtls auth mode
- implemented x509/name gtls auth mode
- changed fingerprint gtls auth mode to new format fingerprint
+- protected gtls error string function by a mutex. Without it, we
+ could have a race condition in extreme cases. This was very remote,
+ but now can no longer happen.
- changed config directive name to reflect different use
$ActionSendStreamDriverCertFingerprint is now
$ActionSendStreamDriverPermittedPeer and can be used both for
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index aaa3159c..4f1a82e3 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -31,6 +31,7 @@
#include <gnutls/x509.h>
#include <gcrypt.h>
#include <errno.h>
+#include <pthread.h>
#include "rsyslog.h"
#include "syslogd-types.h"
@@ -60,6 +61,8 @@ DEFobjCurrIf(nsd_ptcp)
static int bGlblSrvrInitDone = 0; /**< 0 - server global init not yet done, 1 - already done */
+static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially non-reentrant gtlStrerror() function */
+
/* a macro to check GnuTLS calls against unexpected errors */
#define CHKgnutls(x) \
if((gnuRet = (x)) != 0) { \
@@ -311,8 +314,9 @@ uchar *gtlsStrerror(int error)
{
uchar *pErr;
- // TODO: guard by mutex!
+ pthread_mutex_lock(&mutGtlsStrerror);
pErr = (uchar*) strdup(gnutls_strerror(error));
+ pthread_mutex_unlock(&mutGtlsStrerror);
return pErr;
}
@@ -1389,6 +1393,7 @@ BEGINmodExit
CODESTARTmodExit
nsdsel_gtlsClassExit();
nsd_gtlsClassExit();
+ pthread_mutex_destroy(&mutGtlsStrerror);
ENDmodExit
@@ -1406,6 +1411,7 @@ CODESTARTmodInit
CHKiRet(nsd_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
CHKiRet(nsdsel_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ pthread_mutex_init(&mutGtlsStrerror, NULL);
ENDmodInit
/* vi:set ai:
*/