mirror of git://git.gnupg.org/gnupg.git synced 2025-01-26 15:37:03 +01:00
Daniel Kahn Gillmor 24507b1567 dirmngr: hkp: Avoid potential race condition when some hosts die.
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.

--

Multiple threads may write to hosttable[x]->dead while
select_random_host() is running.  For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.

If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.

This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.

As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.

However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block.  Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic dirmngr-idling
Gbp-Pq: Name dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
2019-07-20 14:16:19 -04:00
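
The single-pass pattern the commit message describes, as an added C sketch that is not GnuPG's code: the scratch table is sized for the whole host table and each dead flag is read exactly once, so a host resurrected mid-loop cannot push a write past the end. `struct host`, `pick_live_host`, the `yield_fn` hook (standing in for a call that may block) and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for one host table entry. */
struct host { int dead; };

/* Hypothetical hook: any call in the loop that may block and let another
   thread change ->dead flags. */
typedef void (*yield_fn)(struct host *tab, size_t n);

/* Single-pass selection: index of a live host, or -1 if none.
   rnd comes from the caller so the result is reproducible. */
int pick_live_host(struct host *tab, size_t n, yield_fn yield, unsigned rnd)
{
    size_t live = 0, i;
    int *tbl, pick;

    if (n == 0)
        return -1;
    /* Sized for the worst case (every host alive), so the bound never
       depends on an earlier reading of the dead flags. */
    tbl = malloc(n * sizeof *tbl);
    if (!tbl)
        return -1;
    for (i = 0; i < n; i++) {
        if (yield)
            yield(tab, n);        /* flags may change here */
        if (!tab[i].dead)         /* each flag is read exactly once */
            tbl[live++] = (int)i;
    }
    pick = live ? tbl[rnd % live] : -1;
    free(tbl);
    return pick;
}

/* Constructed scenario: every host is resurrected while the loop runs. */
static void resurrect_all(struct host *tab, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        tab[i].dead = 0;
}

int demo_resurrection(void)
{
    struct host tab[4] = { {1}, {1}, {0}, {1} };  /* constructed sample */
    return pick_live_host(tab, 4, resurrect_all, 7);
}

int main(void) { return demo_resurrection() == 3 ? 0 : 1; }
```

A two-pass version that counted one live host first and then filled the table would have allocated a single slot here and written four entries.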