1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
Source: http://pkgs.fedoraproject.org/gitweb/?p=cups.git;a=blob;f=cups-serialize-gnutls.patch;h=cdd82cb95574801bf714364a585e31eb05191750;hb=HEAD
Reason: Perform locking for gnutls and avoid libgcrypt's broken locking (Gentoo bug #350406)
Upstream: http://cups.org/str.php?L3605
diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
--- cups-1.4.4/cups/http.c.serialize-gnutls 2010-09-17 13:37:01.858871762 +0100
+++ cups-1.4.4/cups/http.c 2010-09-17 13:55:22.579871934 +0100
@@ -149,7 +149,7 @@ static int http_write_ssl(http_t *http,
# ifdef HAVE_GNUTLS
# ifdef HAVE_PTHREAD_H
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+static pthread_mutex_t gnutls_lock;
# endif /* HAVE_PTHREAD_H */
# elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
@@ -1231,7 +1231,7 @@ httpInitialize(void)
*/
# ifdef HAVE_PTHREAD_H
- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ pthread_mutex_init(&gnutls_lock, NULL);
# endif /* HAVE_PTHREAD_H */
/*
@@ -2228,6 +2228,7 @@ _httpWait(http_t *http, /* I - Connect
if (SSL_pending((SSL *)(http->tls)))
return (1);
# elif defined(HAVE_GNUTLS)
+ /* lock already held here... */
if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
return (1);
# elif defined(HAVE_CDSASSL)
@@ -2294,6 +2295,8 @@ int /* O - 1 if data is available, 0
httpWait(http_t *http, /* I - Connection to server */
int msec) /* I - Milliseconds to wait */
{
+ int ret;
+
/*
* First see if there is data in the buffer...
*/
@@ -2318,7 +2321,17 @@ httpWait(http_t *http, /* I - Connecti
* If not, check the SSL/TLS buffers and do a select() on the connection...
*/
- return (_httpWait(http, msec, 1));
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_lock(&gnutls_lock);
+#endif
+
+ ret = _httpWait(http, msec, 1);
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_unlock(&gnutls_lock);
+#endif
+
+ return (ret);
}
@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http, /* I - Conn
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{
@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http) /* I - Con
return (-1);
}
+ pthread_mutex_lock(&gnutls_lock);
gnutls_certificate_allocate_credentials(credentials);
gnutls_init(&(conn->session), GNUTLS_CLIENT);
@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http) /* I - Con
free(credentials);
free(conn);
+ pthread_mutex_unlock(&gnutls_lock);
return (-1);
}
+ pthread_mutex_unlock(&gnutls_lock);
conn->credentials = credentials;
# elif defined(HAVE_CDSASSL)
@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http) /* I -
conn = (http_tls_t *)(http->tls);
credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+ pthread_mutex_lock(&gnutls_lock);
gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn->session);
gnutls_certificate_free_credentials(*credentials);
+ pthread_mutex_unlock(&gnutls_lock);
free(credentials);
free(conn);
@@ -3445,7 +3465,9 @@ http_write_ssl(http_t *http, /* I -
# elif defined(HAVE_GNUTLS)
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{
|
GitWeb