dnsdist: Fix missing locks in DNSCrypt certificates management 10346/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 3 May 2021 08:22:08 +0000 (10:22 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 3 May 2021 08:22:08 +0000 (10:22 +0200)
In theory these functions should already be protected by the Lua
lock but better safe than sorry.
Found while working on the migration to LockGuarded.

pdns/dnscrypt.cc
pdns/dnscrypt.hh

index 4a0abe56569f2e408ac1858a36755d21ed9783df..d728a5c32e79a985a751b387cddf196c5debb9f8 100644 (file)
@@ -327,14 +327,22 @@ void DNSCryptContext::loadNewCertificate(const std::string& certFile, const std:
   auto newPair = DNSCryptContext::loadCertificatePair(certFile, keyFile);
   newPair->active = active;
   addNewCertificate(newPair, reload);
-  d_certKeyPaths.push_back({certFile, keyFile});
+  {
+    WriteLock w(&d_lock);
+    d_certKeyPaths.push_back({certFile, keyFile});
+  }
 }
 
 void DNSCryptContext::reloadCertificates()
 {
   std::vector<std::shared_ptr<DNSCryptCertificatePair>> newCerts;
-  for (const auto& pair : d_certKeyPaths) {
-    newCerts.push_back(DNSCryptContext::loadCertificatePair(pair.cert, pair.key));
+
+  {
+    ReadLock rl(&d_lock);
+    newCerts.reserve(d_certKeyPaths.size());
+    for (const auto& pair : d_certKeyPaths) {
+      newCerts.push_back(DNSCryptContext::loadCertificatePair(pair.cert, pair.key));
+    }
   }
 
   {
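Review bot: In reloadCertificates() the new ReadLock is held across every loadCertificatePair() call, which presumably reads and parses the certificate and key files, so d_lock stays taken for the whole of that file I/O and any thread waiting for the write lock (markActive() takes one) is stalled behind it. Copying d_certKeyPaths under the lock and loading from the copy would reduce the critical section to a vector copy. Separately, loadNewCertificate() publishes the certificate through addNewCertificate() and then records its path in a second, independent critical section, so a reload running between the two would rebuild the set without the new pair; whether that can happen depends on how addNewCertificate() locks, which is not visible here. Both function bodies extend beyond this hunk.

```cpp
  std::vector<std::shared_ptr<DNSCryptCertificatePair>> newCerts;
  decltype(d_certKeyPaths) paths;
  {
    ReadLock rl(&d_lock);
    paths = d_certKeyPaths;
  }

  newCerts.reserve(paths.size());
  for (const auto& pair : paths) {
    newCerts.push_back(DNSCryptContext::loadCertificatePair(pair.cert, pair.key));
  }
  // … unchanged: the block that follows in reloadCertificates() …
```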
@@ -343,6 +351,16 @@ void DNSCryptContext::reloadCertificates()
   }
 }
 
+std::vector<std::shared_ptr<DNSCryptCertificatePair>> DNSCryptContext::getCertificates() {
+  std::vector<std::shared_ptr<DNSCryptCertificatePair>> ret;
+  {
+    ReadLock w(&d_lock);
+    ret = d_certs;
+  }
+
+  return ret;
+};
+
 void DNSCryptContext::markActive(uint32_t serial)
 {
   WriteLock w(&d_lock);
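Review bot: getCertificates() copies the vector under the read lock, but the returned shared_ptr elements still point at the same DNSCryptCertificatePair objects stored in d_certs, so a caller that reads a field such as `active` after the call is no longer covered by d_lock. If markActive() and markInactive() modify those objects under the write lock, as their names suggest, that read remains unsynchronized. The function should say so, for example `// Returns a snapshot of d_certs; the pairs themselves are shared with the context and are not protected once this returns.` Two style points in the same function: the read lock is named `w`, where `rl` would match reloadCertificates(), and the closing `};` carries a stray semicolon left over from the inline definition in the header.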
index 8139e281e55eef306a3a2f1ea693c695a597a651..0dec4c2883bec3de001fee446c18093a3c5bb426 100644 (file)
@@ -278,7 +278,7 @@ public:
   void markActive(uint32_t serial);
   void markInactive(uint32_t serial);
   void removeInactiveCertificate(uint32_t serial);
-  std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return d_certs; };
+  std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates();
   const DNSName& getProviderName() const { return providerName; }
 
   int encryptQuery(PacketBuffer& query, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const;