dirmngr: Do not block during ADNS calls.

* dirmngr/dns-stuff.c: Include npth.h (my_unprotect, my_protect): New wrapper. (resolve_name_adns): Put unprotect/protect around adns calls. (get_dns_cert): Ditto. (getsrv): Ditto. (get_dns_cname): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-03 12:11:33 +01:00 · 2015-11-12 13:31:59 +01:00 · 2015-11-12 13:31:59 +01:00 · a3b26d6c08
commit a3b26d6c08
parent a2cc1d5755
2 changed files with 36 additions and 8 deletions
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@ -142,6 +142,7 @@ t_ldap_parse_uri_SOURCES = \
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)

+t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1
 t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c
 t_dns_stuff_LDADD   = $(t_common_ldadd) $(DNSLIBS)

--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@ -51,10 +51,25 @@
 # error Either getaddrinfo or the ADNS libary is required.
 #endif

+#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
+# undef USE_NPTH
+#endif
+#ifdef USE_NPTH
+# include <npth.h>
+#endif
+
 #include "util.h"
 #include "host2net.h"
 #include "dns-stuff.h"

+#ifdef USE_NPTH
+# define my_unprotect()        npth_unprotect ()
+# define my_protect()          npth_protect ()
+#else
+# define my_unprotect()        do { } while(0)
+# define my_protect()          do { } while(0)
+#endif
+
 /* We allow the use of 0 instead of AF_UNSPEC - check this assumption.  */
 #if AF_UNSPEC != 0
 # error AF_UNSPEC does not have the value 0
@ -231,6 +246,7 @@ resolve_name_adns (const char *name, unsigned short port,
                   dns_addrinfo_t *r_dai, char **r_canonname)
 {
  gpg_error_t err = 0;
+  int ret;
  dns_addrinfo_t daihead = NULL;
  dns_addrinfo_t dai;
  adns_state state;
@ -251,8 +267,11 @@ resolve_name_adns (const char *name, unsigned short port,
  if (err)
    return err;

-  if (adns_synchronous (state, name, adns_r_addr,
-                        adns_qf_quoteok_query, &answer))
+  my_unprotect ();
+  ret = adns_synchronous (state, name, adns_r_addr,
+                          adns_qf_quoteok_query, &answer);
+  my_protect ();
+  if (ret)
    {
      err = gpg_error_from_syserror ();
      log_error ("DNS query failed: %s\n", gpg_strerror (err));
@ -629,6 +648,7 @@ get_dns_cert (const char *name, int want_certtype,
 #ifdef USE_DNS_CERT
 #ifdef USE_ADNS
  gpg_error_t err;
+  int ret;
  adns_state state;
  adns_answer *answer = NULL;
  unsigned int ctype;
@ -646,12 +666,15 @@ get_dns_cert (const char *name, int want_certtype,
  if (err)
    return err;

-  if (adns_synchronous (state, name,
+  my_unprotect ();
+  ret = adns_synchronous (state, name,
                          (adns_r_unknown
                           | (want_certtype < DNS_CERTTYPE_RRBASE
                              ? my_adns_r_cert
                              : (want_certtype - DNS_CERTTYPE_RRBASE))),
-                        adns_qf_quoteok_query, &answer))
+                          adns_qf_quoteok_query, &answer);
+  my_protect ();
+  if (ret)
    {
      err = gpg_error_from_syserror ();
      /* log_error ("DNS query failed: %s\n", strerror (errno)); */
@ -1001,8 +1024,10 @@ getsrv (const char *name,struct srventry **list)
    if (my_adns_init (&state))
      return -1;

+    my_unprotect ();
    rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
                           &answer);
+    my_protect ();
    if (rc)
      {
        log_error ("DNS query failed: %s\n", strerror (errno));
@ -1241,8 +1266,10 @@ get_dns_cname (const char *name, char **r_cname)
    if (my_adns_init (&state))
      return gpg_error (GPG_ERR_GENERAL);

+    my_unprotect ();
    rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query,
                           &answer);
+    my_protect ();
    if (rc)
      {
        err = gpg_error_from_syserror ();